Redirect Virus + Unstoppable Pop-up Ads


  • This topic is locked
23 replies to this topic

#1 mmcook

Posted 06 May 2012 - 07:10 PM

I seem to have a particularly insidious redirecting virus that is defeating all attempts to get rid of it. I've tried to get help for this before and been through many programs. Basically, every once in a while - and it's not consistent - when I click on a link I get redirected to some random ad/help site. It's not always the same place I get redirected to, it doesn't happen from the same places, and I can't detect any pattern to it. I'm concerned about my computer being compromised.

The other thing is a pop-up ad that is driving me insane. It also seems to come up randomly in the lower right hand corner of my screen. It usually takes the form of a smartphone/iPhone and it just rises up without warning. Sometimes it doesn't look like a smartphone, but is just a square box. I can't make this pop-up go away. I did some research and thought it might be a hijacking of my Hosts file, so I tried to reset the file, and also tried to manually delete the offending items, but it still keeps popping up.

My primary browser is IE 64-bit. I'm running Windows 7 Home Edition. I have Microsoft Security Essentials as the Anti-Virus program (which also finds nothing).

Help?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by mmcook at 15:37:18 on 2012-05-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2638 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\mmcook\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\mmcook\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\mmcook\AppData\Local\Temp\_uninst_48613200.bat
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D372490F-985F-4182-88C3-716C25E2FDFD} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-21cdb2fff9fb4df2\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 62853215;62853215;C:\Windows\system32\DRIVERS\62853215.sys --> C:\Windows\system32\DRIVERS\62853215.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-14 98208]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-9-5 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-9-5 128512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-12 517632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-12-4 2477304]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S4 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
.
=============== Created Last 30 ================
.
2012-05-06 19:33:57 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5EC3958-8A1C-48AF-B51A-0CF42DB784B7}\offreg.dll
2012-05-06 04:06:04 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5EC3958-8A1C-48AF-B51A-0CF42DB784B7}\mpengine.dll
2012-05-06 01:49:00 460888 ----a-w- C:\Windows\System32\drivers\62853215.sys
2012-05-04 19:46:57 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 02:27:03 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCEAC06F-9C69-4A53-87C7-2BB1432048C4}\gapaengine.dll
2012-04-20 20:00:21 -------- d-----w- C:\Program Files\iTunes
2012-04-20 20:00:21 -------- d-----w- C:\Program Files\iPod
2012-04-20 20:00:21 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-18 22:28:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-18 03:03:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-17 04:43:14 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-17 04:43:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-17 04:43:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-17 02:58:00 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-16 03:53:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-04-14 00:26:12 -------- d-----w- C:\Users\mmcook\transfer
2012-04-13 22:26:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-12 03:55:23 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:55:23 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 03:55:23 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:55:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:55:23 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 03:55:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 03:55:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-09 23:42:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-09 23:42:35 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-05-06 14:11:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 01:48:25 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 15:38:18.05 ===============


#2 fireman4it

  • Malware Response Team

Posted 06 May 2012 - 09:37 PM

Hello mmcook,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


We need a little more information before we proceed.


1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Symantec Endpoint Protection or Microsoft Security Essentials.

Norton and Symantec Removal Tool

Edited by fireman4it, 06 May 2012 - 09:41 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 mmcook


Posted 07 May 2012 - 09:31 PM

Thank you for your quick reply. Here are the requested reports:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 21:43:56
-----------------------------
21:43:56.448 OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:56.463 Number of processors: 2 586 0x170A
21:43:56.463 ComputerName: COOK-HOME UserName: mmcook
21:43:57.898 Initialize success
21:47:18.653 AVAST engine defs: 12050701
21:47:59.776 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:47:59.776 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
21:47:59.791 Disk 0 MBR read successfully
21:47:59.791 Disk 0 MBR scan
21:47:59.791 Disk 0 Windows 7 default MBR code
21:47:59.807 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:47:59.838 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 7918 MB offset 112640
21:47:59.869 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 602506 MB offset 16328704
21:47:59.932 Disk 0 scanning C:\Windows\system32\drivers
21:48:14.174 Service scanning
21:48:41.412 Modules scanning
21:48:41.412 Disk 0 trace - called modules:
21:48:41.443 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:48:41.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f6530]
21:48:41.459 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8003958d20]
21:48:41.459 5 ACPI.sys[fffff88000f387a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800447a060]
21:48:42.613 AVAST engine scan C:\Windows
21:48:46.217 AVAST engine scan C:\Windows\system32
21:53:11.371 AVAST engine scan C:\Windows\system32\drivers
21:53:25.067 AVAST engine scan C:\Users\mmcook
21:59:04.087 AVAST engine scan C:\ProgramData
22:02:33.145 Scan finished successfully
22:03:25.296 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
22:03:25.358 The log file has been saved successfully to "C:\aswMBR.txt"


RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: mmcook [Admin rights]
Mode: Scan -- Date: 05/07/2012 22:20:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] _uninst_48613200.lnk @mmcook : C:\Users\mmcook\AppData\Local\Temp\_uninst_48613200.bat -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 69aac9eee4698390d87ead151b777abc
[BSP] 5ac569e9e71c018ba2b70830b9d7016e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 7918 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16328704 | Size: 602506 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


When I went to close the RogueKiller app, it said that "none elements have been deleted" and asked if I still wanted to continue. I did not know if I was supposed to tell it to delete anything so I did NOT just to be safe.

Also, I attempted to uninstall the Symantec Anti-Virus program using the Add/Remove tool three times and each time the computer got hung up before the end of the process and did not finish. Maybe I was being impatient, but I didn't think it should be taking an hour. I had to use the Task Manager to end the process.

Edited by mmcook, 07 May 2012 - 09:32 PM.
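The HOSTS section of the RogueKiller report above can be audited mechanically. The following is an added example, not part of the original posts and not code from RogueKiller or DDS: it parses hosts-format text (including DDS-style `Hosts:` lines) and reports every hostname that is pinned to a non-loopback address. The function names, the `public-redirect` / `private-override` labels and the `0.0.0.0` sample line are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# HOSTS section as it appears in the RogueKiller report above, plus one
# constructed blocklist-style line (0.0.0.0) to show what is NOT flagged.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
0.0.0.0 ads.blocked.example   # constructed sample line
"""


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs from hosts-format text.

    Accepts raw hosts-file lines and DDS-style lines prefixed with "Hosts:".
    Comments, blank lines and lines without a valid IP are skipped.
    Hostnames are lower-cased and a trailing dot (FQDN form) is removed so
    that "www.statcounter.com." and "www.statcounter.com" compare equal.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("hosts:"):
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        for name in fields[1:]:
            entries.append((ip, name.rstrip(".").lower()))
    return entries


def audit_hosts(text):
    """Return [(hostname, [addresses], kind)] for names that bypass DNS.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are ignored:
    they are the default entries and the usual ad-blocking sinkholes.
    kind is "public-redirect" when any target is a globally routable
    address, otherwise "private-override" (for example an intranet pin).
    """
    by_name = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_name[name].add(ip)

    findings = []
    for name in sorted(by_name):
        ips = sorted(by_name[name], key=lambda a: (a.version, int(a)))
        kind = ("public-redirect" if any(a.is_global for a in ips)
                else "private-override")
        findings.append((name, [str(a) for a in ips], kind))
    return findings


if __name__ == "__main__":
    for host, addrs, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:17} {host:28} -> {', '.join(addrs)}")
```

A name that resolves through the hosts file never reaches the DNS resolver, so each reported entry should be checked against what the domain resolves to from a clean machine before the file is reset.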


#4 fireman4it


Posted 07 May 2012 - 09:40 PM

Hello,


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
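Added example, not part of the original posts and not code from the helper or from TDSSKiller: a Python script that triages a TDSSKiller log of the kind requested above, pairing each scanned object's hash line with its verdict line and listing only the entries that are not a plain "ok" with a hashed file. The sample log is constructed (made-up names, hashes and a "warning" verdict), and treating every verdict other than "ok" as needing review is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller log: "time thread-id message".
# All names, hashes and the "warning" verdict are made up for illustration.
SAMPLE_LOG = r"""
22:50:09.0956 1260 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (0.00 Gb), SectorSize: 0x200
22:50:17.0428 1552 Scan started
22:50:17.0428 1552 Mode: Manual;
22:50:17.0912 1552 exampledrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
22:50:17.0943 1552 exampledrv - ok
22:50:18.0146 1552 Example Licensing Service (00000000000000000000000000000002) C:\Program Files (x86)\Example\svc.exe
22:50:18.0162 1552 Example Licensing Service - ok
22:50:22.0015 1552 ExampleNoFile - ok
22:50:23.0100 1552 examplebad (00000000000000000000000000000003) C:\Windows\system32\drivers\examplebad.sys
22:50:23.0110 1552 examplebad - warning
"""

# "HH:MM:SS.mmmm <thread id> <message>"; lines without a message are skipped.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")
# "<service name> (<32 hex digit MD5>) <file path>"; names may contain spaces.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service name> - <one-word verdict>"; header lines such as
# "Drive ... - Size: 0x..." do not match because the tail is not a single word.
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>[A-Za-z]+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(log_text: str) -> List[Entry]:
    """Return one Entry per verdict line found after 'Scan started'."""
    entries: List[Entry] = []
    pending = {}          # name -> (md5, path) waiting for its verdict line
    scanning = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue      # system-info header, not scan results
        obj = OBJECT.match(msg)
        if obj:
            pending[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        ver = VERDICT.match(msg)
        if ver:
            md5, path = pending.pop(ver["name"], (None, None))
            entries.append(Entry(ver["name"], ver["verdict"].lower(), md5, path))
    return entries


def needs_review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """List (name, reason) for entries a reader should look at by hand."""
    findings = []
    for e in entries:
        if e.verdict != "ok":
            # Assumption: anything other than "ok" deserves a manual look.
            findings.append((e.name, f"verdict '{e.verdict}'"))
        elif e.md5 is None:
            # The log gave a verdict but recorded no file hash or path.
            findings.append((e.name, "no file hashed"))
    return findings


if __name__ == "__main__":
    parsed = parse_scan(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for name, reason in needs_review(parsed):
        print(f"review: {name}: {reason}")
```
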


#5 mmcook


Posted 07 May 2012 - 10:41 PM

TDSS did not detect anything:


22:50:33.0340 1552 NDProxy - ok
22:50:33.0356 1552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:50:33.0372 1552 NetBIOS - ok
22:50:33.0403 1552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:50:33.0403 1552 NetBT - ok
22:50:33.0450 1552 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:33.0450 1552 Netlogon - ok
22:50:33.0496 1552 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:50:33.0496 1552 Netman - ok
22:50:33.0528 1552 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:50:33.0543 1552 netprofm - ok
22:50:33.0606 1552 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:50:33.0637 1552 NetTcpPortSharing - ok
22:50:33.0668 1552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:50:33.0668 1552 nfrd960 - ok
22:50:33.0699 1552 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:50:33.0715 1552 NisDrv - ok
22:50:33.0777 1552 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:50:33.0808 1552 NisSrv - ok
22:50:33.0871 1552 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:50:33.0871 1552 NlaSvc - ok
22:50:33.0980 1552 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
22:50:33.0996 1552 nmservice - ok
22:50:34.0105 1552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:50:34.0120 1552 Npfs - ok
22:50:34.0152 1552 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:50:34.0183 1552 nsi - ok
22:50:34.0198 1552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:50:34.0198 1552 nsiproxy - ok
22:50:34.0308 1552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:50:34.0339 1552 Ntfs - ok
22:50:34.0417 1552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:50:34.0417 1552 Null - ok
22:50:34.0479 1552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:50:34.0495 1552 nvraid - ok
22:50:34.0542 1552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:50:34.0573 1552 nvstor - ok
22:50:34.0620 1552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:50:34.0651 1552 nv_agp - ok
22:50:34.0729 1552 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:50:34.0807 1552 odserv - ok
22:50:34.0838 1552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:50:34.0854 1552 ohci1394 - ok
22:50:34.0900 1552 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:50:34.0947 1552 ose - ok
22:50:34.0994 1552 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:50:34.0994 1552 p2pimsvc - ok
22:50:35.0056 1552 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:50:35.0056 1552 p2psvc - ok
22:50:35.0088 1552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:50:35.0103 1552 Parport - ok
22:50:35.0134 1552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:50:35.0134 1552 partmgr - ok
22:50:35.0166 1552 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:50:35.0166 1552 PcaSvc - ok
22:50:35.0181 1552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:50:35.0181 1552 pci - ok
22:50:35.0197 1552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:50:35.0197 1552 pciide - ok
22:50:35.0228 1552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:50:35.0244 1552 pcmcia - ok
22:50:35.0259 1552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:50:35.0259 1552 pcw - ok
22:50:35.0306 1552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:50:35.0306 1552 PEAUTH - ok
22:50:35.0400 1552 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:50:35.0431 1552 PerfHost - ok
22:50:35.0602 1552 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:50:35.0649 1552 pla - ok
22:50:35.0758 1552 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:50:35.0805 1552 PlugPlay - ok
22:50:35.0852 1552 Pml Driver HPZ12 (64ca1485214340cacc315ffdfded73ef) C:\Windows\system32\HPZipm12.dll
22:50:35.0852 1552 Pml Driver HPZ12 - ok
22:50:35.0930 1552 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
22:50:35.0946 1552 pnarp - ok
22:50:35.0977 1552 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:50:36.0008 1552 PNRPAutoReg - ok
22:50:36.0024 1552 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:50:36.0024 1552 PNRPsvc - ok
22:50:36.0086 1552 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:50:36.0086 1552 PolicyAgent - ok
22:50:36.0133 1552 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:50:36.0180 1552 Power - ok
22:50:36.0242 1552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:50:36.0273 1552 PptpMiniport - ok
22:50:36.0304 1552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:50:36.0320 1552 Processor - ok
22:50:36.0367 1552 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:50:36.0429 1552 ProfSvc - ok
22:50:36.0507 1552 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:36.0507 1552 ProtectedStorage - ok
22:50:36.0632 1552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:50:36.0632 1552 Psched - ok
22:50:36.0694 1552 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
22:50:36.0710 1552 purendis - ok
22:50:36.0741 1552 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:50:36.0741 1552 PxHlpa64 - ok
22:50:36.0819 1552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:50:36.0850 1552 ql2300 - ok
22:50:36.0944 1552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:50:36.0960 1552 ql40xx - ok
22:50:37.0006 1552 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:50:37.0038 1552 QWAVE - ok
22:50:37.0053 1552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:50:37.0053 1552 QWAVEdrv - ok
22:50:37.0069 1552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:50:37.0069 1552 RasAcd - ok
22:50:37.0100 1552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:50:37.0116 1552 RasAgileVpn - ok
22:50:37.0131 1552 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:50:37.0147 1552 RasAuto - ok
22:50:37.0178 1552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:50:37.0194 1552 Rasl2tp - ok
22:50:37.0240 1552 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:50:37.0256 1552 RasMan - ok
22:50:37.0272 1552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:50:37.0272 1552 RasPppoe - ok
22:50:37.0303 1552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:50:37.0318 1552 RasSstp - ok
22:50:37.0350 1552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:50:37.0381 1552 rdbss - ok
22:50:37.0381 1552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:50:37.0381 1552 rdpbus - ok
22:50:37.0396 1552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:50:37.0396 1552 RDPCDD - ok
22:50:37.0412 1552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:50:37.0428 1552 RDPENCDD - ok
22:50:37.0428 1552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:50:37.0428 1552 RDPREFMP - ok
22:50:37.0443 1552 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:50:37.0459 1552 RDPWD - ok
22:50:37.0506 1552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:50:37.0521 1552 rdyboost - ok
22:50:37.0552 1552 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:50:37.0584 1552 RemoteAccess - ok
22:50:37.0630 1552 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:50:37.0662 1552 RemoteRegistry - ok
22:50:37.0708 1552 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:50:37.0740 1552 RFCOMM - ok
22:50:37.0755 1552 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:50:37.0771 1552 RpcEptMapper - ok
22:50:37.0802 1552 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:50:37.0818 1552 RpcLocator - ok
22:50:37.0864 1552 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
22:50:37.0880 1552 RpcSs - ok
22:50:37.0896 1552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:50:37.0896 1552 rspndr - ok
22:50:37.0974 1552 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:50:37.0989 1552 RTL8167 - ok
22:50:38.0020 1552 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:38.0020 1552 SamSs - ok
22:50:38.0052 1552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:50:38.0083 1552 sbp2port - ok
22:50:38.0114 1552 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:50:38.0145 1552 SCardSvr - ok
22:50:38.0176 1552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:50:38.0176 1552 scfilter - ok
22:50:38.0270 1552 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:50:38.0301 1552 Schedule - ok
22:50:38.0410 1552 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:50:38.0410 1552 SCPolicySvc - ok
22:50:38.0457 1552 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:50:38.0488 1552 SDRSVC - ok
22:50:38.0598 1552 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:50:38.0598 1552 SeaPort - ok
22:50:38.0644 1552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:50:38.0660 1552 secdrv - ok
22:50:38.0691 1552 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:50:38.0691 1552 seclogon - ok
22:50:38.0722 1552 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:50:38.0722 1552 SENS - ok
22:50:38.0738 1552 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:50:38.0754 1552 SensrSvc - ok
22:50:38.0769 1552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:50:38.0785 1552 Serenum - ok
22:50:38.0800 1552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:50:38.0832 1552 Serial - ok
22:50:38.0878 1552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:50:38.0894 1552 sermouse - ok
22:50:38.0941 1552 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:50:38.0972 1552 SessionEnv - ok
22:50:39.0019 1552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:50:39.0019 1552 sffdisk - ok
22:50:39.0034 1552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:50:39.0034 1552 sffp_mmc - ok
22:50:39.0050 1552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:50:39.0066 1552 sffp_sd - ok
22:50:39.0066 1552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:50:39.0081 1552 sfloppy - ok
22:50:39.0128 1552 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:50:39.0128 1552 SharedAccess - ok
22:50:39.0190 1552 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:50:39.0190 1552 ShellHWDetection - ok
22:50:39.0206 1552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:50:39.0222 1552 SiSRaid2 - ok
22:50:39.0222 1552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:50:39.0237 1552 SiSRaid4 - ok
22:50:39.0268 1552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:50:39.0284 1552 Smb - ok
22:50:39.0518 1552 SmcService (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
22:50:39.0565 1552 SmcService - ok
22:50:39.0627 1552 SNAC (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
22:50:39.0674 1552 SNAC - ok
22:50:39.0799 1552 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:50:39.0799 1552 SNMPTRAP - ok
22:50:39.0846 1552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:50:39.0846 1552 spldr - ok
22:50:39.0908 1552 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:50:39.0908 1552 Spooler - ok
22:50:40.0126 1552 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:50:40.0158 1552 sppsvc - ok
22:50:40.0220 1552 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:50:40.0267 1552 sppuinotify - ok
22:50:40.0314 1552 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
22:50:40.0329 1552 SRTSP - ok
22:50:40.0392 1552 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
22:50:40.0423 1552 SRTSPL - ok
22:50:40.0454 1552 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
22:50:40.0454 1552 SRTSPX - ok
22:50:40.0516 1552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:50:40.0516 1552 srv - ok
22:50:40.0579 1552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:50:40.0579 1552 srv2 - ok
22:50:40.0594 1552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:50:40.0610 1552 srvnet - ok
22:50:40.0641 1552 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:50:40.0641 1552 SSDPSRV - ok
22:50:40.0657 1552 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:50:40.0657 1552 SstpSvc - ok
22:50:40.0719 1552 Steam Client Service - ok
22:50:40.0735 1552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:50:40.0750 1552 stexstor - ok
22:50:40.0797 1552 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:50:40.0797 1552 stisvc - ok
22:50:40.0828 1552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:50:40.0875 1552 swenum - ok
22:50:40.0922 1552 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:50:40.0969 1552 swprv - ok
22:50:41.0109 1552 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
22:50:41.0140 1552 Symantec AntiVirus - ok
22:50:41.0250 1552 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:50:41.0312 1552 SymEvent - ok
22:50:41.0437 1552 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:50:41.0452 1552 SysMain - ok
22:50:41.0530 1552 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:50:41.0577 1552 TabletInputService - ok
22:50:41.0655 1552 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:50:41.0655 1552 TapiSrv - ok
22:50:41.0686 1552 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:50:41.0702 1552 TBS - ok
22:50:41.0858 1552 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:50:41.0874 1552 Tcpip - ok
22:50:42.0030 1552 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:50:42.0030 1552 TCPIP6 - ok
22:50:42.0092 1552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:50:42.0092 1552 tcpipreg - ok
22:50:42.0108 1552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:50:42.0123 1552 TDPIPE - ok
22:50:42.0154 1552 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:50:42.0170 1552 TDTCP - ok
22:50:42.0217 1552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:50:42.0248 1552 tdx - ok
22:50:42.0295 1552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:50:42.0310 1552 TermDD - ok
22:50:42.0373 1552 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:50:42.0420 1552 TermService - ok
22:50:42.0435 1552 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:50:42.0482 1552 Themes - ok
22:50:42.0513 1552 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:50:42.0529 1552 THREADORDER - ok
22:50:42.0544 1552 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:50:42.0544 1552 TrkWks - ok
22:50:42.0591 1552 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:50:42.0607 1552 TrustedInstaller - ok
22:50:42.0638 1552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:50:42.0638 1552 tssecsrv - ok
22:50:42.0685 1552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:50:42.0685 1552 TsUsbFlt - ok
22:50:42.0732 1552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:50:42.0794 1552 tunnel - ok
22:50:42.0841 1552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:50:42.0872 1552 uagp35 - ok
22:50:42.0903 1552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:50:42.0919 1552 udfs - ok
22:50:42.0934 1552 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:50:42.0950 1552 UI0Detect - ok
22:50:42.0981 1552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:50:42.0997 1552 uliagpkx - ok
22:50:43.0044 1552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:50:43.0044 1552 umbus - ok
22:50:43.0075 1552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:50:43.0075 1552 UmPass - ok
22:50:43.0122 1552 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:50:43.0122 1552 upnphost - ok
22:50:43.0153 1552 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:50:43.0168 1552 USBAAPL64 - ok
22:50:43.0184 1552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:50:43.0200 1552 usbccgp - ok
22:50:43.0231 1552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:50:43.0246 1552 usbcir - ok
22:50:43.0278 1552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:50:43.0278 1552 usbehci - ok
22:50:43.0309 1552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:50:43.0324 1552 usbhub - ok
22:50:43.0340 1552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:50:43.0340 1552 usbohci - ok
22:50:43.0371 1552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:50:43.0387 1552 usbprint - ok
22:50:43.0402 1552 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:50:43.0418 1552 usbscan - ok
22:50:43.0418 1552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:50:43.0434 1552 USBSTOR - ok
22:50:43.0449 1552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:50:43.0465 1552 usbuhci - ok
22:50:43.0480 1552 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:50:43.0512 1552 UxSms - ok
22:50:43.0558 1552 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:43.0558 1552 VaultSvc - ok
22:50:43.0574 1552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:50:43.0574 1552 vdrvroot - ok
22:50:43.0636 1552 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:50:43.0668 1552 vds - ok
22:50:43.0699 1552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:43.0699 1552 vga - ok
22:50:43.0730 1552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:50:43.0746 1552 VgaSave - ok
22:50:43.0777 1552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:50:43.0792 1552 vhdmp - ok
22:50:43.0824 1552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:50:43.0839 1552 viaide - ok
22:50:43.0855 1552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:50:43.0855 1552 volmgr - ok
22:50:43.0902 1552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:50:43.0917 1552 volmgrx - ok
22:50:43.0933 1552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:50:43.0933 1552 volsnap - ok
22:50:43.0948 1552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:50:43.0964 1552 vsmraid - ok
22:50:44.0073 1552 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:50:44.0151 1552 VSS - ok
22:50:44.0276 1552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:50:44.0276 1552 vwifibus - ok
22:50:44.0323 1552 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:50:44.0338 1552 W32Time - ok
22:50:44.0338 1552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:50:44.0354 1552 WacomPen - ok
22:50:44.0401 1552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:44.0416 1552 WANARP - ok
22:50:44.0432 1552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:44.0432 1552 Wanarpv6 - ok
22:50:44.0541 1552 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:50:44.0791 1552 WatAdminSvc - ok
22:50:44.0947 1552 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:50:45.0072 1552 wbengine - ok
22:50:45.0150 1552 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:50:45.0196 1552 WbioSrvc - ok
22:50:45.0243 1552 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:50:45.0274 1552 wcncsvc - ok
22:50:45.0306 1552 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:50:45.0321 1552 WcsPlugInService - ok
22:50:45.0368 1552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:50:45.0384 1552 Wd - ok
22:50:45.0446 1552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:50:45.0462 1552 Wdf01000 - ok
22:50:45.0477 1552 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:50:45.0477 1552 WdiServiceHost - ok
22:50:45.0477 1552 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:50:45.0477 1552 WdiSystemHost - ok
22:50:45.0524 1552 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:50:45.0524 1552 WebClient - ok
22:50:45.0555 1552 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:50:45.0586 1552 Wecsvc - ok
22:50:45.0602 1552 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:50:45.0602 1552 wercplsupport - ok
22:50:45.0633 1552 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:50:45.0633 1552 WerSvc - ok
22:50:45.0664 1552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:50:45.0680 1552 WfpLwf - ok
22:50:45.0711 1552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:50:45.0711 1552 WIMMount - ok
22:50:45.0789 1552 WinDefend - ok
22:50:45.0805 1552 WinHttpAutoProxySvc - ok
22:50:45.0867 1552 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:50:45.0867 1552 Winmgmt - ok
22:50:46.0008 1552 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:50:46.0054 1552 WinRM - ok
22:50:46.0195 1552 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:50:46.0210 1552 WinUsb - ok
22:50:46.0288 1552 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:50:46.0320 1552 Wlansvc - ok
22:50:46.0522 1552 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:50:46.0538 1552 wlidsvc - ok
22:50:46.0616 1552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:50:46.0632 1552 WmiAcpi - ok
22:50:46.0694 1552 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:50:46.0710 1552 wmiApSrv - ok
22:50:46.0741 1552 WMPNetworkSvc - ok
22:50:46.0772 1552 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:50:46.0834 1552 WPCSvc - ok
22:50:46.0881 1552 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:50:46.0881 1552 WPDBusEnum - ok
22:50:46.0912 1552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:46.0912 1552 ws2ifsl - ok
22:50:46.0975 1552 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:50:46.0975 1552 wscsvc - ok
22:50:46.0975 1552 WSearch - ok
22:50:47.0131 1552 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:50:47.0162 1552 wuauserv - ok
22:50:47.0287 1552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:50:47.0318 1552 WudfPf - ok
22:50:47.0334 1552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:47.0334 1552 WUDFRd - ok
22:50:47.0380 1552 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:50:47.0412 1552 wudfsvc - ok
22:50:47.0443 1552 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:50:47.0474 1552 WwanSvc - ok
22:50:47.0505 1552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:50:47.0568 1552 \Device\Harddisk0\DR0 - ok
22:50:47.0568 1552 Boot (0x1200) (64d62d7edf746ce3c8ec88750a07cfc6) \Device\Harddisk0\DR0\Partition0
22:50:47.0568 1552 \Device\Harddisk0\DR0\Partition0 - ok
22:50:47.0599 1552 Boot (0x1200) (837166823f8125234e9447aedcc86f9b) \Device\Harddisk0\DR0\Partition1
22:50:47.0599 1552 \Device\Harddisk0\DR0\Partition1 - ok
22:50:47.0599 1552 ============================================================
22:50:47.0599 1552 Scan finished
22:50:47.0599 1552 ============================================================
22:50:47.0614 1992 Detected object count: 0
22:50:47.0614 1992 Actual detected object count: 0
22:51:01.0966 5052 Deinitialize success


ComboFix:


ComboFix 12-05-07.03 - mmcook 05/07/2012 22:58:49.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2664 [GMT -4:00]
Running from: c:\users\mmcook\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 03:25 . 2012-05-08 03:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-08 03:25 . 2012-05-08 03:25 -------- d-----w- c:\users\Meeples\AppData\Local\temp
2012-05-08 03:25 . 2012-05-08 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 03:25 . 2012-05-08 03:25 -------- d-----w- c:\users\Andrew & Connor\AppData\Local\temp
2012-05-07 20:44 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2B35F09-B153-4D62-9C9F-D915FF30052A}\mpengine.dll
2012-05-06 04:06 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-06 01:49 . 2012-05-04 15:38 460888 ----a-w- c:\windows\system32\drivers\62853215.sys
2012-05-01 02:27 . 2012-05-01 02:26 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCEAC06F-9C69-4A53-87C7-2BB1432048C4}\gapaengine.dll
2012-04-20 20:00 . 2012-04-20 20:00 -------- d-----w- c:\program files\iTunes
2012-04-20 20:00 . 2012-04-20 20:00 -------- d-----w- c:\program files (x86)\iTunes
2012-04-20 20:00 . 2012-04-20 20:00 -------- d-----w- c:\program files\iPod
2012-04-18 22:28 . 2012-05-06 14:11 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 01:48 . 2012-04-18 01:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-17 04:43 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-17 04:43 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-17 04:43 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-17 02:58 . 2012-04-17 02:58 -------- d-----w- c:\program files (x86)\ESET
2012-04-16 03:53 . 2012-04-16 03:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-14 00:26 . 2012-04-14 00:26 -------- d-----w- c:\users\mmcook\transfer
2012-04-13 22:26 . 2012-04-13 22:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 23:42 . 2012-05-02 03:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-09 23:42 . 2012-05-02 03:21 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 14:11 . 2011-06-22 23:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 01:48 . 2010-07-13 00:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2009-12-06 18:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2011-04-27 19:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2011-04-18 17:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-17 06:38 . 2012-03-14 07:16 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:16 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 07:17 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 07:17 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-12-04 115560]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Andrew & Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Meeples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
_uninst_48613200.lnk - c:\users\mmcook\AppData\Local\Temp\_uninst_48613200.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S0 62853215;62853215;c:\windows\system32\DRIVERS\62853215.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2341466117-3050677054-3231783024-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,15,ac,b2,1a,3b,31,5c,89,b0,cd,56,20,81,76,1c,ad,8a,cf,7f,08,
bc,6f,c4,b0,02,41,5e,0f,84,04,85,df,fe,c9,ac,80,13,0a,f6,13,7e,74,30,9b,15,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-05-07 23:33:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 03:33
.
Pre-Run: 481,557,184,512 bytes free
Post-Run: 481,799,290,880 bytes free
.
- - End Of File - - 304B020D1E49747049D4FE53ED535327


As far as how the computer is doing now, I haven't been redirected or seen the pop-up today. But I also haven't done much internet browsing. I will let you know if I experience something.

#6 mmcook

Posted 08 May 2012 - 09:57 PM

I'm afraid I'm still having the same issues. Got one redirect just a minute ago, and also have seen the stupid pop-up this evening.

#7 fireman4it

  • Malware Response Team

Posted 10 May 2012 - 04:52 PM

Hello,

1.
Are you connected to the internet through a router? If so, we need to reset that router.
How to reset your Router.

2.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

4.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized


Things to include in your next reply:
yorkyt.exe log
RogueKiller log
OTL.txt
Extra.txt
Still redirecting?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 fireman4it

  • Malware Response Team

Posted 13 May 2012 - 10:20 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#9 mmcook

Posted 13 May 2012 - 03:29 PM

I apologize for my absence. I've been unable to do anything with my computer all weekend. Here is all the requested information. I'm putting the logs in sequential posts to hopefully make them easier to read.

(1) I did reset the Router. This did not fix either the redirect or the pop-up issue, as I experienced both almost immediately after re-establishing my internet connection. In fact, the pop-up seemed almost worse, as it was coming up almost every time I clicked a link.

(2) yorkyt.exe log:

2012-05-13 15:47:18: ****************************************************
2012-05-13 15:47:18: Starting UP ... v 0.0.0.220
2012-05-13 15:47:18: ****************************************************
2012-05-13 15:47:19: Stop TPSRV returns: 2
2012-05-13 15:47:34: Listing processes...
2012-05-13 15:47:34: :[System Process]:0
2012-05-13 15:47:34: :System:4
2012-05-13 15:47:34: :smss.exe:284
2012-05-13 15:47:34: :csrss.exe:408
2012-05-13 15:47:34: :wininit.exe:468
2012-05-13 15:47:34: :csrss.exe:488
2012-05-13 15:47:34: :winlogon.exe:548
2012-05-13 15:47:34: :services.exe:576
2012-05-13 15:47:34: :lsass.exe:584
2012-05-13 15:47:34: :lsm.exe:592
2012-05-13 15:47:34: :svchost.exe:696
2012-05-13 15:47:34: :svchost.exe:776
2012-05-13 15:47:34: :MsMpEng.exe:820
2012-05-13 15:47:34: :svchost.exe:944
2012-05-13 15:47:34: :svchost.exe:976
2012-05-13 15:47:34: :svchost.exe:1012
2012-05-13 15:47:34: :audiodg.exe:424
2012-05-13 15:47:34: :svchost.exe:520
2012-05-13 15:47:34: :DockLogin.exe:1028
2012-05-13 15:47:34: :svchost.exe:1224
2012-05-13 15:47:34: :ccSvcHst.exe:1280
2012-05-13 15:47:34: :spoolsv.exe:1564
2012-05-13 15:47:34: :svchost.exe:1596
2012-05-13 15:47:34: :NetworkLicenseServer.exe:1928
2012-05-13 15:47:34: :AERTSr64.exe:1948
2012-05-13 15:47:34: :AppleMobileDeviceService.exe:1972
2012-05-13 15:47:34: :mDNSResponder.exe:2044
2012-05-13 15:47:34: :E_S50STB.EXE:1288
2012-05-13 15:47:34: :E_S50RPB.EXE:1396
2012-05-13 15:47:34: :McciCMService.exe:1432
2012-05-13 15:47:34: :McciCMService.exe:1132
2012-05-13 15:47:34: :svchost.exe:924
2012-05-13 15:47:34: :svchost.exe:324
2012-05-13 15:47:34: :SeaPort.EXE:992
2012-05-13 15:47:34: :WLIDSVC.EXE:1912
2012-05-13 15:47:34: :nmsrvc.exe:2120
2012-05-13 15:47:34: :WLIDSVCM.EXE:2168
2012-05-13 15:47:34: :WUDFHost.exe:2660
2012-05-13 15:47:34: :svchost.exe:3052
2012-05-13 15:47:34: :wmpnetwk.exe:1816
2012-05-13 15:47:34: :WmiPrvSE.exe:2880
2012-05-13 15:47:34: :SearchIndexer.exe:1120
2012-05-13 15:47:34: :taskhost.exe:2376
2012-05-13 15:47:34: :dwm.exe:2740
2012-05-13 15:47:34: :explorer.exe:2052
2012-05-13 15:47:34: :igfxtray.exe:416
2012-05-13 15:47:34: :hkcmd.exe:2084
2012-05-13 15:47:34: :igfxpers.exe:712
2012-05-13 15:47:34: :RAVCpl64.exe:2888
2012-05-13 15:47:34: :igfxsrvc.exe:3076
2012-05-13 15:47:34: :msseces.exe:3096
2012-05-13 15:47:34: :ISUSPM.exe:3152
2012-05-13 15:47:34: :ONENOTEM.EXE:3260
2012-05-13 15:47:34: :PDVDDXSrv.exe:3312
2012-05-13 15:47:34: :Acrotray.exe:3356
2012-05-13 15:47:34: :concentr.exe:3368
2012-05-13 15:47:34: :nmctxth.exe:3400
2012-05-13 15:47:34: :EEventManager.exe:3416
2012-05-13 15:47:34: :iTunesHelper.exe:3528
2012-05-13 15:47:34: :wfcrun32.exe:3696
2012-05-13 15:47:34: :svchost.exe:3712
2012-05-13 15:47:34: :iPodService.exe:3952
2012-05-13 15:47:34: :FNPLicensingService.exe:3992
2012-05-13 15:47:34: :svchost.exe:3188
2012-05-13 15:47:34: :dllhost.exe:4244
2012-05-13 15:47:34: :SearchProtocolHost.exe:4560
2012-05-13 15:47:34: :TrustedInstaller.exe:3848
2012-05-13 15:47:34: :iexplore.exe:4988
2012-05-13 15:47:34: :iexplore.exe:3536
2012-05-13 15:47:34: :iexplore.exe:4144
2012-05-13 15:47:34: :yorkyt.exe:4692
2012-05-13 15:47:34: :WmiPrvSE.exe:1892
2012-05-13 15:47:34: :SearchFilterHost.exe:2368
2012-05-13 15:47:34:
2012-05-13 15:47:34: Setting restore point
2012-05-13 15:48:01: RUN mode
2012-05-13 15:48:01: Determining autonomous or dropped mode...
2012-05-13 15:48:01: Autonomus mode
2012-05-13 15:48:01: ---------------------------------------------------------------------
2012-05-13 15:48:01: Found Service: AeLookupSvc
2012-05-13 15:48:01: Real Path: C:\Windows\System32\aelupsvc.dll
2012-05-13 15:48:01: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-05-13 15:48:01: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-05-13 15:48:01: ServiceDLL: System32\aelupsvc.dll
2012-05-13 15:48:01: File size: 0
2012-05-13 15:48:01: DLL File name: aelupsvc.dll
2012-05-13 15:48:01: Original File Name: aelupsvc.dll.mui
2012-05-13 15:48:01: Company:
2012-05-13 15:48:01: Mod/Cre/Acc time:
2012-05-13 15:48:01: ---------------------------------------------------------------------
2012-05-13 15:48:01: Found Service: AppIDSvc
2012-05-13 15:48:01: Real Path: C:\Windows\System32\appidsvc.dll
2012-05-13 15:48:01: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-05-13 15:48:01: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-05-13 15:48:01: ServiceDLL: System32\appidsvc.dll
2012-05-13 15:48:01: File size: 0
2012-05-13 15:48:01: DLL File name: appidsvc.dll
2012-05-13 15:48:01: Original File Name: appidsvc.dll.mui
2012-05-13 15:48:01: Company:
2012-05-13 15:48:01: Mod/Cre/Acc time:
2012-05-13 15:48:01: ---------------------------------------------------------------------
2012-05-13 15:48:01: Found Service: Appinfo
2012-05-13 15:48:01: Real Path: C:\Windows\System32\appinfo.dll
2012-05-13 15:48:01: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-05-13 15:48:01: Description: @%systemroot%\system32\appinfo.dll,-101
2012-05-13 15:48:01: ServiceDLL: System32\appinfo.dll
2012-05-13 15:48:01: File size: 0
2012-05-13 15:48:01: DLL File name: appinfo.dll
2012-05-13 15:48:01: Original File Name: appinfo.dll.mui
2012-05-13 15:48:01: Company:
2012-05-13 15:48:01: Mod/Cre/Acc time:
2012-05-13 15:48:01: !!!!!!!
2012-05-13 15:48:01: Found Service: AppMgmt
2012-05-13 15:48:01: Real Path: C:\Windows\System32\appmgmts.dll
2012-05-13 15:48:01: Display Name:
2012-05-13 15:48:01: Description:
2012-05-13 15:48:01: ServiceDLL: System32\appmgmts.dll
2012-05-13 15:48:01: File size: 0
2012-05-13 15:48:01: DLL File name: appmgmts.dll
2012-05-13 15:48:01: Original File Name:
2012-05-13 15:48:01: Company:
2012-05-13 15:48:01: Mod/Cre/Acc time:
2012-05-13 15:48:01: !!!!!!!!!
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: AudioEndpointBuilder
2012-05-13 15:48:02: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-05-13 15:48:02: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-05-13 15:48:02: ServiceDLL: System32\Audiosrv.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: Audiosrv.dll
2012-05-13 15:48:02: Original File Name: audiosrv.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: AudioSrv
2012-05-13 15:48:02: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-05-13 15:48:02: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-05-13 15:48:02: ServiceDLL: System32\Audiosrv.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: Audiosrv.dll
2012-05-13 15:48:02: Original File Name: audiosrv.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: AxInstSV
2012-05-13 15:48:02: Real Path: C:\Windows\System32\AxInstSV.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-05-13 15:48:02: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-05-13 15:48:02: ServiceDLL: System32\AxInstSV.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: AxInstSV.dll
2012-05-13 15:48:02: Original File Name: AxInstSv.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: BDESVC
2012-05-13 15:48:02: Real Path: C:\Windows\System32\bdesvc.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-05-13 15:48:02: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-05-13 15:48:02: ServiceDLL: System32\bdesvc.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: bdesvc.dll
2012-05-13 15:48:02: Original File Name: BDESVC.DLL.MUI
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: BFE
2012-05-13 15:48:02: Real Path: C:\Windows\System32\bfe.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-05-13 15:48:02: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-05-13 15:48:02: ServiceDLL: System32\bfe.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: bfe.dll
2012-05-13 15:48:02: Original File Name: BFE.DLL.MUI
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: BITS
2012-05-13 15:48:02: Real Path: C:\Windows\system32\qmgr.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-05-13 15:48:02: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-05-13 15:48:02: ServiceDLL: system32\qmgr.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: qmgr.dll
2012-05-13 15:48:02: Original File Name: qmgr.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: Browser
2012-05-13 15:48:02: Real Path: C:\Windows\System32\browser.dll
2012-05-13 15:48:02: Display Name: @%systemroot%\system32\browser.dll,-100
2012-05-13 15:48:02: Description: @%systemroot%\system32\browser.dll,-101
2012-05-13 15:48:02: ServiceDLL: System32\browser.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: browser.dll
2012-05-13 15:48:02: Original File Name: browser.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: bthserv
2012-05-13 15:48:02: Real Path: C:\Windows\system32\bthserv.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-05-13 15:48:02: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-05-13 15:48:02: ServiceDLL: system32\bthserv.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: bthserv.dll
2012-05-13 15:48:02: Original File Name: BTHSERV.DLL.MUI
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: CertPropSvc
2012-05-13 15:48:02: Real Path: C:\Windows\System32\certprop.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-05-13 15:48:02: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-05-13 15:48:02: ServiceDLL: System32\certprop.dll
2012-05-13 15:48:02: File size: 0
2012-05-13 15:48:02: DLL File name: certprop.dll
2012-05-13 15:48:02: Original File Name: certprop.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time:
2012-05-13 15:48:02: ---------------------------------------------------------------------
2012-05-13 15:48:02: Found Service: CryptSvc
2012-05-13 15:48:02: Real Path: C:\Windows\system32\cryptsvc.dll
2012-05-13 15:48:02: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-05-13 15:48:02: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-05-13 15:48:02: ServiceDLL: system32\cryptsvc.dll
2012-05-13 15:48:02: File size: 136192
2012-05-13 15:48:02: DLL File name: cryptsvc.dll
2012-05-13 15:48:02: Original File Name: cryptsvc.dll.mui
2012-05-13 15:48:02: Company:
2012-05-13 15:48:02: Mod/Cre/Acc time: 20101120081824 20110611193104 20110611193104
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: DcomLaunch
2012-05-13 15:48:03: Real Path: C:\Windows\system32\rpcss.dll
2012-05-13 15:48:03: Display Name: @oleres.dll,-5012
2012-05-13 15:48:03: Description: @oleres.dll,-5013
2012-05-13 15:48:03: ServiceDLL: system32\rpcss.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: rpcss.dll
2012-05-13 15:48:03: Original File Name: rpcss.dll
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: defragsvc
2012-05-13 15:48:03: Real Path: C:\Windows\System32\defragsvc.dll
2012-05-13 15:48:03: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-05-13 15:48:03: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-05-13 15:48:03: ServiceDLL: System32\defragsvc.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: defragsvc.dll
2012-05-13 15:48:03: Original File Name: defragsvc.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: Dhcp
2012-05-13 15:48:03: Real Path: C:\Windows\system32\dhcpcore.dll
2012-05-13 15:48:03: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-05-13 15:48:03: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-05-13 15:48:03: ServiceDLL: system32\dhcpcore.dll
2012-05-13 15:48:03: File size: 254464
2012-05-13 15:48:03: DLL File name: dhcpcore.dll
2012-05-13 15:48:03: Original File Name: dhcpcore.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time: 20101120081830 20110611193110 20110611193110
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: Dnscache
2012-05-13 15:48:03: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-05-13 15:48:03: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-05-13 15:48:03: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-05-13 15:48:03: ServiceDLL: System32\dnsrslvr.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: dnsrslvr.dll
2012-05-13 15:48:03: Original File Name: dnsrslvr.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: dot3svc
2012-05-13 15:48:03: Real Path: C:\Windows\System32\dot3svc.dll
2012-05-13 15:48:03: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-05-13 15:48:03: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-05-13 15:48:03: ServiceDLL: System32\dot3svc.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: dot3svc.dll
2012-05-13 15:48:03: Original File Name: dot3svc.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: DPS
2012-05-13 15:48:03: Real Path: C:\Windows\system32\dps.dll
2012-05-13 15:48:03: Display Name: @%systemroot%\system32\dps.dll,-500
2012-05-13 15:48:03: Description: @%systemroot%\system32\dps.dll,-501
2012-05-13 15:48:03: ServiceDLL: system32\dps.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: dps.dll
2012-05-13 15:48:03: Original File Name: dps.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: EapHost
2012-05-13 15:48:03: Real Path: C:\Windows\System32\eapsvc.dll
2012-05-13 15:48:03: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-05-13 15:48:03: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-05-13 15:48:03: ServiceDLL: System32\eapsvc.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: eapsvc.dll
2012-05-13 15:48:03: Original File Name: eapsvc.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: EventSystem
2012-05-13 15:48:03: Real Path: C:\Windows\system32\es.dll
2012-05-13 15:48:03: Display Name: @comres.dll,-2450
2012-05-13 15:48:03: Description: @comres.dll,-2451
2012-05-13 15:48:03: ServiceDLL: system32\es.dll
2012-05-13 15:48:03: File size: 271360
2012-05-13 15:48:03: DLL File name: es.dll
2012-05-13 15:48:03: Original File Name: ES.DLL
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: fdPHost
2012-05-13 15:48:03: Real Path: C:\Windows\system32\fdPHost.dll
2012-05-13 15:48:03: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-05-13 15:48:03: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-05-13 15:48:03: ServiceDLL: system32\fdPHost.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: fdPHost.dll
2012-05-13 15:48:03: Original File Name: fdPHost.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:03: ---------------------------------------------------------------------
2012-05-13 15:48:03: Found Service: FDResPub
2012-05-13 15:48:03: Real Path: C:\Windows\system32\fdrespub.dll
2012-05-13 15:48:03: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-05-13 15:48:03: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-05-13 15:48:03: ServiceDLL: system32\fdrespub.dll
2012-05-13 15:48:03: File size: 0
2012-05-13 15:48:03: DLL File name: fdrespub.dll
2012-05-13 15:48:03: Original File Name: FDResPub.dll.mui
2012-05-13 15:48:03: Company:
2012-05-13 15:48:03: Mod/Cre/Acc time:
2012-05-13 15:48:04: !!!!!!!
2012-05-13 15:48:04: Found Service: FontCache
2012-05-13 15:48:04: Real Path: C:\Windows\system32\FntCache.dll
2012-05-13 15:48:04: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-05-13 15:48:04: Description: @%systemroot%\system32\FntCache.dll,-101
2012-05-13 15:48:04: ServiceDLL: system32\FntCache.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: FntCache.dll
2012-05-13 15:48:04: Original File Name: FontCacheService
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:04: !!!!!!!!!
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: gpsvc
2012-05-13 15:48:04: Real Path: C:\Windows\System32\gpsvc.dll
2012-05-13 15:48:04: Display Name: @gpapi.dll,-112
2012-05-13 15:48:04: Description: @gpapi.dll,-113
2012-05-13 15:48:04: ServiceDLL: System32\gpsvc.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: gpsvc.dll
2012-05-13 15:48:04: Original File Name: gpsvc.dll.mui
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: hidserv
2012-05-13 15:48:04: Real Path: C:\Windows\System32\hidserv.dll
2012-05-13 15:48:04: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-05-13 15:48:04: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-05-13 15:48:04: ServiceDLL: System32\hidserv.dll
2012-05-13 15:48:04: File size: 49152
2012-05-13 15:48:04: DLL File name: hidserv.dll
2012-05-13 15:48:04: Original File Name: HIDSERV.DLL.MUI
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: hkmsvc
2012-05-13 15:48:04: Real Path: C:\Windows\system32\kmsvc.dll
2012-05-13 15:48:04: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-05-13 15:48:04: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-05-13 15:48:04: ServiceDLL: system32\kmsvc.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: kmsvc.dll
2012-05-13 15:48:04: Original File Name: KmSvc.DLL.MUI
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: HomeGroupListener
2012-05-13 15:48:04: Real Path: C:\Windows\system32\ListSvc.dll
2012-05-13 15:48:04: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-05-13 15:48:04: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-05-13 15:48:04: ServiceDLL: system32\ListSvc.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: ListSvc.dll
2012-05-13 15:48:04: Original File Name: ListSvc.dll.mui
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: HomeGroupProvider
2012-05-13 15:48:04: Real Path: C:\Windows\system32\provsvc.dll
2012-05-13 15:48:04: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-05-13 15:48:04: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-05-13 15:48:04: ServiceDLL: system32\provsvc.dll
2012-05-13 15:48:04: File size: 165376
2012-05-13 15:48:04: DLL File name: provsvc.dll
2012-05-13 15:48:04: Original File Name: provsvc.dll.mui
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time: 20101120082057 20110611193024 20110611193024
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: IKEEXT
2012-05-13 15:48:04: Real Path: C:\Windows\System32\ikeext.dll
2012-05-13 15:48:04: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-05-13 15:48:04: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-05-13 15:48:04: ServiceDLL: System32\ikeext.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: ikeext.dll
2012-05-13 15:48:04: Original File Name: IKEEXT.DLL.MUI
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: IPBusEnum
2012-05-13 15:48:04: Real Path: C:\Windows\system32\ipbusenum.dll
2012-05-13 15:48:04: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-05-13 15:48:04: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-05-13 15:48:04: ServiceDLL: system32\ipbusenum.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: ipbusenum.dll
2012-05-13 15:48:04: Original File Name: IPBusEnum.dll.mui
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:04: ---------------------------------------------------------------------
2012-05-13 15:48:04: Found Service: iphlpsvc
2012-05-13 15:48:04: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-05-13 15:48:04: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-05-13 15:48:04: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-05-13 15:48:04: ServiceDLL: System32\iphlpsvc.dll
2012-05-13 15:48:04: File size: 0
2012-05-13 15:48:04: DLL File name: iphlpsvc.dll
2012-05-13 15:48:04: Original File Name: iphlpsvc.dll.mui
2012-05-13 15:48:04: Company:
2012-05-13 15:48:04: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: KtmRm
2012-05-13 15:48:05: Real Path: C:\Windows\system32\msdtckrm.dll
2012-05-13 15:48:05: Display Name: @comres.dll,-2946
2012-05-13 15:48:05: Description: @comres.dll,-2947
2012-05-13 15:48:05: ServiceDLL: system32\msdtckrm.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: msdtckrm.dll
2012-05-13 15:48:05: Original File Name: MSDTCKRM.DLL
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: LanmanServer
2012-05-13 15:48:05: Real Path: C:\Windows\System32\srvsvc.dll
2012-05-13 15:48:05: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-05-13 15:48:05: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-05-13 15:48:05: ServiceDLL: System32\srvsvc.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: srvsvc.dll
2012-05-13 15:48:05: Original File Name: SRVSVC.DLL.MUI
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: LanmanWorkstation
2012-05-13 15:48:05: Real Path: C:\Windows\System32\wkssvc.dll
2012-05-13 15:48:05: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-05-13 15:48:05: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-05-13 15:48:05: ServiceDLL: System32\wkssvc.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: wkssvc.dll
2012-05-13 15:48:05: Original File Name: WKSSVC.DLL.MUI
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: lltdsvc
2012-05-13 15:48:05: Real Path: C:\Windows\System32\lltdsvc.dll
2012-05-13 15:48:05: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-05-13 15:48:05: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-05-13 15:48:05: ServiceDLL: System32\lltdsvc.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: lltdsvc.dll
2012-05-13 15:48:05: Original File Name: LLTDSVC.DLL
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: lmhosts
2012-05-13 15:48:05: Real Path: C:\Windows\System32\lmhsvc.dll
2012-05-13 15:48:05: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-05-13 15:48:05: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-05-13 15:48:05: ServiceDLL: System32\lmhsvc.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: lmhsvc.dll
2012-05-13 15:48:05: Original File Name: lmhsvc.dll.mui
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: Mcx2Svc
2012-05-13 15:48:05: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-05-13 15:48:05: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-05-13 15:48:05: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-05-13 15:48:05: ServiceDLL: system32\Mcx2Svc.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: Mcx2Svc.dll
2012-05-13 15:48:05: Original File Name: Mcx2Svc.dll
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: MMCSS
2012-05-13 15:48:05: Real Path: C:\Windows\system32\mmcss.dll
2012-05-13 15:48:05: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-05-13 15:48:05: Description: @%systemroot%\system32\mmcss.dll,-101
2012-05-13 15:48:05: ServiceDLL: system32\mmcss.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: mmcss.dll
2012-05-13 15:48:05: Original File Name: mmcss.dll.mui
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:05: ---------------------------------------------------------------------
2012-05-13 15:48:05: Found Service: MpsSvc
2012-05-13 15:48:05: Real Path: C:\Windows\system32\mpssvc.dll
2012-05-13 15:48:05: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-05-13 15:48:05: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-05-13 15:48:05: ServiceDLL: system32\mpssvc.dll
2012-05-13 15:48:05: File size: 0
2012-05-13 15:48:05: DLL File name: mpssvc.dll
2012-05-13 15:48:05: Original File Name: mpssvc.dll.mui
2012-05-13 15:48:05: Company:
2012-05-13 15:48:05: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: MSiSCSI
2012-05-13 15:48:06: Real Path: C:\Windows\system32\iscsiexe.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-05-13 15:48:06: ServiceDLL: system32\iscsiexe.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: iscsiexe.dll
2012-05-13 15:48:06: Original File Name: iscsiexe.exe.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: napagent
2012-05-13 15:48:06: Real Path: C:\Windows\system32\qagentRT.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-05-13 15:48:06: ServiceDLL: system32\qagentRT.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: qagentRT.dll
2012-05-13 15:48:06: Original File Name: QAgentRT.DLL.MUI
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: Netman
2012-05-13 15:48:06: Real Path: C:\Windows\System32\netman.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\netman.dll,-110
2012-05-13 15:48:06: ServiceDLL: System32\netman.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: netman.dll
2012-05-13 15:48:06: Original File Name: netman.dll.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: netprofm
2012-05-13 15:48:06: Real Path: C:\Windows\System32\netprofm.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-05-13 15:48:06: ServiceDLL: System32\netprofm.dll
2012-05-13 15:48:06: File size: 360448
2012-05-13 15:48:06: DLL File name: netprofm.dll
2012-05-13 15:48:06: Original File Name: netprofm.dll.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: NlaSvc
2012-05-13 15:48:06: Real Path: C:\Windows\System32\nlasvc.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-05-13 15:48:06: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-05-13 15:48:06: ServiceDLL: System32\nlasvc.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: nlasvc.dll
2012-05-13 15:48:06: Original File Name: nlasvc.dll.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: nsi
2012-05-13 15:48:06: Real Path: C:\Windows\system32\nsisvc.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-05-13 15:48:06: ServiceDLL: system32\nsisvc.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: nsisvc.dll
2012-05-13 15:48:06: Original File Name: nsisvc.dll.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: p2pimsvc
2012-05-13 15:48:06: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-05-13 15:48:06: ServiceDLL: system32\pnrpsvc.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: pnrpsvc.dll
2012-05-13 15:48:06: Original File Name: pnrpsvc.dll.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: ---------------------------------------------------------------------
2012-05-13 15:48:06: Found Service: p2psvc
2012-05-13 15:48:06: Real Path: C:\Windows\system32\p2psvc.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-05-13 15:48:06: ServiceDLL: system32\p2psvc.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: p2psvc.dll
2012-05-13 15:48:06: Original File Name: p2psvc.dll.mui
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: !!!!!!!
2012-05-13 15:48:06: Found Service: PcaSvc
2012-05-13 15:48:06: Real Path: C:\Windows\System32\pcasvc.dll
2012-05-13 15:48:06: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-05-13 15:48:06: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-05-13 15:48:06: ServiceDLL: System32\pcasvc.dll
2012-05-13 15:48:06: File size: 0
2012-05-13 15:48:06: DLL File name: pcasvc.dll
2012-05-13 15:48:06: Original File Name:
2012-05-13 15:48:06: Company:
2012-05-13 15:48:06: Mod/Cre/Acc time:
2012-05-13 15:48:06: !!!!!!!!!
2012-05-13 15:48:08: ---------------------------------------------------------------------
2012-05-13 15:48:08: Found Service: pla
2012-05-13 15:48:08: Real Path: C:\Windows\system32\pla.dll
2012-05-13 15:48:08: Display Name: @%systemroot%\system32\pla.dll,-500
2012-05-13 15:48:08: Description: @%systemroot%\system32\pla.dll,-501
2012-05-13 15:48:08: ServiceDLL: system32\pla.dll
2012-05-13 15:48:08: File size: 1508864
2012-05-13 15:48:08: DLL File name: pla.dll
2012-05-13 15:48:08: Original File Name: PLA.DLL.MUI
2012-05-13 15:48:08: Company:
2012-05-13 15:48:08: Mod/Cre/Acc time: 20101120082054 20110611193055 20110611193055
2012-05-13 15:48:08: ---------------------------------------------------------------------
2012-05-13 15:48:08: Found Service: PlugPlay
2012-05-13 15:48:08: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-05-13 15:48:08: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-05-13 15:48:08: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-05-13 15:48:08: ServiceDLL: system32\umpnpmgr.dll
2012-05-13 15:48:08: File size: 0
2012-05-13 15:48:08: DLL File name: umpnpmgr.dll
2012-05-13 15:48:08: Original File Name: Umpnpmgr.DLL.MUI
2012-05-13 15:48:08: Company:
2012-05-13 15:48:08: Mod/Cre/Acc time:
2012-05-13 15:48:08: !!!!!!!
2012-05-13 15:48:08: Found Service: Pml Driver HPZ12
2012-05-13 15:48:08: Real Path: C:\Windows\system32\HPZipm12.dll
2012-05-13 15:48:08: Display Name:
2012-05-13 15:48:08: Description:
2012-05-13 15:48:08: ServiceDLL: system32\HPZipm12.dll
2012-05-13 15:48:08: File size: 0
2012-05-13 15:48:08: DLL File name: HPZipm12.dll
2012-05-13 15:48:08: Original File Name: PmlDrv.DLL
2012-05-13 15:48:08: Company:
2012-05-13 15:48:08: Mod/Cre/Acc time:
2012-05-13 15:48:08: !!!!!!!!!
2012-05-13 15:48:08: ---------------------------------------------------------------------
2012-05-13 15:48:08: Found Service: PNRPAutoReg
2012-05-13 15:48:08: Real Path: C:\Windows\system32\pnrpauto.dll
2012-05-13 15:48:08: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-05-13 15:48:08: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-05-13 15:48:08: ServiceDLL: system32\pnrpauto.dll
2012-05-13 15:48:08: File size: 0
2012-05-13 15:48:08: DLL File name: pnrpauto.dll
2012-05-13 15:48:08: Original File Name: pnrpauto.dll.mui
2012-05-13 15:48:08: Company:
2012-05-13 15:48:08: Mod/Cre/Acc time:
2012-05-13 15:48:08: ---------------------------------------------------------------------
2012-05-13 15:48:08: Found Service: PNRPsvc
2012-05-13 15:48:08: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-13 15:48:08: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-05-13 15:48:08: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-05-13 15:48:08: ServiceDLL: system32\pnrpsvc.dll
2012-05-13 15:48:08: File size: 0
2012-05-13 15:48:08: DLL File name: pnrpsvc.dll
2012-05-13 15:48:08: Original File Name: pnrpsvc.dll.mui
2012-05-13 15:48:08: Company:
2012-05-13 15:48:08: Mod/Cre/Acc time:
2012-05-13 15:48:08: ---------------------------------------------------------------------
2012-05-13 15:48:08: Found Service: PolicyAgent
2012-05-13 15:48:08: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-05-13 15:48:08: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-05-13 15:48:08: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-05-13 15:48:09: ServiceDLL: System32\ipsecsvc.dll
2012-05-13 15:48:09: File size: 0
2012-05-13 15:48:09: DLL File name: ipsecsvc.dll
2012-05-13 15:48:09: Original File Name: ipsecsvc.dll.mui
2012-05-13 15:48:09: Company:
2012-05-13 15:48:09: Mod/Cre/Acc time:
2012-05-13 15:48:09: ---------------------------------------------------------------------
2012-05-13 15:48:09: Found Service: Power
2012-05-13 15:48:09: Real Path: C:\Windows\system32\umpo.dll
2012-05-13 15:48:09: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-05-13 15:48:09: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-05-13 15:48:09: ServiceDLL: system32\umpo.dll
2012-05-13 15:48:09: File size: 0
2012-05-13 15:48:09: DLL File name: umpo.dll
2012-05-13 15:48:09: Original File Name: Umpo.DLL.MUI
2012-05-13 15:48:09: Company:
2012-05-13 15:48:09: Mod/Cre/Acc time:
2012-05-13 15:48:09: ---------------------------------------------------------------------
2012-05-13 15:48:09: Found Service: ProfSvc
2012-05-13 15:48:09: Real Path: C:\Windows\system32\profsvc.dll
2012-05-13 15:48:09: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-05-13 15:48:09: Description: @%systemroot%\system32\profsvc.dll,-301
2012-05-13 15:48:09: ServiceDLL: system32\profsvc.dll
2012-05-13 15:48:09: File size: 0
2012-05-13 15:48:09: DLL File name: profsvc.dll
2012-05-13 15:48:09: Original File Name: ProfSvc.dll.mui
2012-05-13 15:48:09: Company:
2012-05-13 15:48:09: Mod/Cre/Acc time:
2012-05-13 15:48:09: ---------------------------------------------------------------------
2012-05-13 15:48:09: Found Service: QWAVE
2012-05-13 15:48:09: Real Path: C:\Windows\system32\qwave.dll
2012-05-13 15:48:09: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-05-13 15:48:09: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-05-13 15:48:09: ServiceDLL: system32\qwave.dll
2012-05-13 15:48:09: File size: 210944
2012-05-13 15:48:09: DLL File name: qwave.dll
2012-05-13 15:48:09: Original File Name: qwave.dll.mui
2012-05-13 15:48:09: Company:
2012-05-13 15:48:09: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-05-13 15:48:09: ---------------------------------------------------------------------
2012-05-13 15:48:09: Found Service: RasAuto
2012-05-13 15:48:09: Real Path: C:\Windows\System32\rasauto.dll
2012-05-13 15:48:09: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-05-13 15:48:09: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-05-13 15:48:09: ServiceDLL: System32\rasauto.dll
2012-05-13 15:48:09: File size: 0
2012-05-13 15:48:09: DLL File name: rasauto.dll
2012-05-13 15:48:09: Original File Name: rasauto.dll.mui
2012-05-13 15:48:09: Company:
2012-05-13 15:48:09: Mod/Cre/Acc time:
2012-05-13 15:48:09: ---------------------------------------------------------------------
2012-05-13 15:48:09: Found Service: RasMan
2012-05-13 15:48:09: Real Path: C:\Windows\System32\rasmans.dll
2012-05-13 15:48:09: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-05-13 15:48:09: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-05-13 15:48:09: ServiceDLL: System32\rasmans.dll
2012-05-13 15:48:09: File size: 0
2012-05-13 15:48:09: DLL File name: rasmans.dll
2012-05-13 15:48:09: Original File Name: Rasmans.dll.mui
2012-05-13 15:48:09: Company:
2012-05-13 15:48:09: Mod/Cre/Acc time:
2012-05-13 15:48:10: ---------------------------------------------------------------------
2012-05-13 15:48:10: Found Service: RemoteAccess
2012-05-13 15:48:10: Real Path: C:\Windows\System32\mprdim.dll
2012-05-13 15:48:10: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-05-13 15:48:10: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-05-13 15:48:10: ServiceDLL: System32\mprdim.dll
2012-05-13 15:48:10: File size: 75264
2012-05-13 15:48:10: DLL File name: mprdim.dll
2012-05-13 15:48:10: Original File Name: MPRDIM.DLL.MUI
2012-05-13 15:48:10: Company:
2012-05-13 15:48:10: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-05-13 15:48:10: ---------------------------------------------------------------------
2012-05-13 15:48:10: Found Service: RemoteRegistry
2012-05-13 15:48:10: Real Path: C:\Windows\system32\regsvc.dll
2012-05-13 15:48:10: Display Name: @regsvc.dll,-1
2012-05-13 15:48:10: Description: @regsvc.dll,-2
2012-05-13 15:48:10: ServiceDLL: system32\regsvc.dll
2012-05-13 15:48:10: File size: 0
2012-05-13 15:48:10: DLL File name: regsvc.dll
2012-05-13 15:48:10: Original File Name: REGSVC.DLL.MUI
2012-05-13 15:48:10: Company:
2012-05-13 15:48:10: Mod/Cre/Acc time:
2012-05-13 15:48:10: ---------------------------------------------------------------------
2012-05-13 15:48:10: Found Service: RpcEptMapper
2012-05-13 15:48:10: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-05-13 15:48:10: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-05-13 15:48:10: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-05-13 15:48:10: ServiceDLL: System32\RpcEpMap.dll
2012-05-13 15:48:10: File size: 0
2012-05-13 15:48:10: DLL File name: RpcEpMap.dll
2012-05-13 15:48:10: Original File Name: RpcEpMap.dll.mui
2012-05-13 15:48:10: Company:
2012-05-13 15:48:10: Mod/Cre/Acc time:
2012-05-13 15:48:10: ---------------------------------------------------------------------
2012-05-13 15:48:10: Found Service: RpcSs
2012-05-13 15:48:10: Real Path: C:\Windows\System32\rpcss.dll
2012-05-13 15:48:10: Display Name: @oleres.dll,-5010
2012-05-13 15:48:10: Description: @oleres.dll,-5011
2012-05-13 15:48:10: ServiceDLL: System32\rpcss.dll
2012-05-13 15:48:10: File size: 0
2012-05-13 15:48:10: DLL File name: rpcss.dll
2012-05-13 15:48:10: Original File Name: rpcss.dll
2012-05-13 15:48:10: Company:
2012-05-13 15:48:10: Mod/Cre/Acc time:
2012-05-13 15:48:10: ---------------------------------------------------------------------
2012-05-13 15:48:15:
2012-05-13 15:48:15: Looking for SHELL key
2012-05-13 15:48:15: Now looking for bad DLL files in system32
2012-05-13 15:49:48: Folder: GAC
2012-05-13 15:49:48: Folder: GAC_32
2012-05-13 15:49:48: Folder: GAC_64
2012-05-13 15:49:48: Folder: GAC_MSIL
2012-05-13 15:49:48: Folder: NativeImages_v2.0.50727_32
2012-05-13 15:49:48: Folder: NativeImages_v2.0.50727_64
2012-05-13 15:49:48: Folder: NativeImages_v4.0.30319_32
2012-05-13 15:49:48: Folder: NativeImages_v4.0.30319_64
2012-05-13 15:49:48: Folder: temp
2012-05-13 15:49:48: Folder: tmp
2012-05-13 15:49:49: Checking for bad folder
2012-05-13 15:49:49: Found 1 folders.
2012-05-13 15:49:49: Checking C:\Windows\assembly\tmp
2012-05-13 15:49:49: ... Folder test returns: 1
2012-05-13 15:49:49: Done with folder list in C:\Windows\assembly\ tmp
2012-05-13 15:49:49: Autonomous mode, clearing out yt folder
2012-05-13 15:49:49: cmd.exe /c start "C:\Users\mmcook\Downloads\yorkyt.exe"
2012-05-13 15:49:57: Restarting...
2012-05-13 15:52:41: ****************************************************
2012-05-13 15:52:41: Starting UP ... v 0.0.0.220
2012-05-13 15:52:41: ****************************************************
2012-05-13 15:52:42: Stop TPSRV returns: 2
2012-05-13 15:52:57: Listing processes...
2012-05-13 15:52:58:
2012-05-13 15:52:58: Starting cleanup mode...
2012-05-13 15:53:51: ... Done with files, now folders
2012-05-13 15:53:58: All DONE

#10 mmcook

Posted 13 May 2012 - 03:36 PM

RogueKiller

(I've now done this one twice. Again, at the end when I went to close the application, a window popped up telling me that no elements had been deleted yet and asking if I still wanted to continue. Again, I did NOT tell it to delete anything as you had not instructed me to do so. But I kind of wanted to tell it to delete the stuff under "Hosts" as my previous Internet research suggested that the pop up was due to a hijacking of my Hosts file. Can I/Should I run this again and tell it to delete something?)



RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: mmcook [Admin rights]
Mode: Scan -- Date: 05/13/2012 16:06:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] _uninst_48613200.lnk @mmcook : C:\Users\mmcook\AppData\Local\Temp\_uninst_48613200.bat -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 69aac9eee4698390d87ead151b777abc
[BSP] 5ac569e9e71c018ba2b70830b9d7016e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 7918 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16328704 | Size: 602506 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


OTL Txt


OTL logfile created on: 5/13/2012 4:14:25 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\mmcook\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 65.42% Memory free
7.98 Gb Paging File | 6.51 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 588.37 Gb Total Space | 444.52 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive D: | 47.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COOK-HOME | User Name: mmcook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/13 16:12:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/12/17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/07 20:35:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/13 01:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 01:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/26 11:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/07/11 18:36:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/07 20:35:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/12/04 13:52:52 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/12/04 13:52:52 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/12/04 13:52:50 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/11/24 18:32:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/04 11:38:53 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\62853215.sys -- (62853215)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/28 11:46:22 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/12/04 13:52:54 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/12/04 13:52:54 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/04 13:52:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/08 20:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/07 17:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2012/05/13 15:58:06 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D64FD7C4-96C4-4424-A138-98B4CBABDDA9}\MpKsl007cf40e.sys -- (MpKsl007cf40e)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/14 12:13:10 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120327.008\EX64.SYS -- (NAVEX15)
DRV - [2011/12/14 12:13:10 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120327.008\ENG64.SYS -- (NAVENG)
DRV - [2009/12/04 13:52:54 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/12/04 13:52:54 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/12/04 13:52:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C97B4257-6230-4F12-9EAD-229E009A1BF8}
IE:64bit: - HKLM\..\SearchScopes\{C97B4257-6230-4F12-9EAD-229E009A1BF8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C97B4257-6230-4F12-9EAD-229E009A1BF8}
IE - HKLM\..\SearchScopes\{C97B4257-6230-4F12-9EAD-229E009A1BF8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 01:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmcook\AppData\Roaming\Mozilla\Extensions
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\extensions
[2012/04/17 21:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/17 21:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/08 18:48:28 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\MMCOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZW9J5YW.DEFAULT\EXTENSIONS\PHLUOLIMFY@PHLUOLIMFY.ORG.XPI
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/04/12 21:19:01 | 000,001,389 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 176.9.75.3 www.google-analytics.com.
O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net.
O1 - Hosts: 176.9.75.3 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48613200.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D372490F-985F-4182-88C3-716C25E2FDFD}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 20:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/05/17 20:22:36 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D4998D64-748C-82F1-BB4C-213F615E41A7} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 16:12:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/05/07 23:33:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/07 23:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/07 22:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/07 22:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/07 22:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/07 22:55:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/07 22:49:23 | 000,000,000 | ---D | C] -- C:\Users\mmcook\Desktop\tdsskiller
[2012/05/07 22:20:25 | 000,000,000 | ---D | C] -- C:\Users\mmcook\Desktop\RK_Quarantine
[2012/05/07 21:42:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/05/06 15:35:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\mmcook\Desktop\dds.scr
[2012/05/05 21:49:00 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\62853215.sys
[2012/05/02 10:00:04 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe
[2012/04/20 16:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/20 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/20 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/20 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/17 21:51:02 | 000,000,000 | ---D | C] -- C:\Users\mmcook\Documents\JavaRa-1.16-16-12-11
[2012/04/17 21:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/16 22:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/15 23:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/04/14 00:29:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/13 20:26:12 | 000,000,000 | ---D | C] -- C:\Users\mmcook\transfer
[2012/04/13 18:26:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

========== Files - Modified Within 30 Days ==========

[2012/05/13 16:12:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/05/13 16:05:07 | 001,420,288 | ---- | M] () -- C:\Users\mmcook\Desktop\RogueKiller.exe
[2012/05/13 15:59:48 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 15:59:48 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 15:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/13 15:50:49 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/13 14:22:21 | 000,006,324 | ---- | M] () -- C:\Users\mmcook\Desktop\Router_Setup.html
[2012/05/10 18:12:04 | 000,458,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/09 23:46:06 | 000,764,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 23:46:06 | 000,641,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 23:46:06 | 000,112,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 22:54:59 | 000,001,162 | ---- | M] () -- C:\Users\mmcook\Desktop\ComboFix - Shortcut.lnk
[2012/05/07 22:49:29 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe
[2012/05/07 22:46:58 | 002,055,783 | ---- | M] () -- C:\Users\mmcook\Desktop\tdsskiller.zip
[2012/05/07 22:08:48 | 000,002,723 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/05/07 22:03:25 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012/05/07 21:43:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/05/06 15:35:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\mmcook\Desktop\dds.scr
[2012/05/06 15:34:29 | 000,000,000 | ---- | M] () -- C:\Users\mmcook\defogger_reenable
[2012/05/05 21:48:59 | 133,615,528 | ---- | M] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/04 11:38:53 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\62853215.sys
[2012/05/01 23:21:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/01 23:21:21 | 000,764,510 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/28 19:36:43 | 000,001,016 | ---- | M] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48613200.lnk
[2012/04/20 16:00:35 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/18 22:25:37 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/04/13 18:09:11 | 432,568,631 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/05/13 16:05:02 | 001,420,288 | ---- | C] () -- C:\Users\mmcook\Desktop\RogueKiller.exe
[2012/05/13 14:22:21 | 000,006,324 | ---- | C] () -- C:\Users\mmcook\Desktop\Router_Setup.html
[2012/05/13 14:22:21 | 000,000,172 | R--- | C] () -- C:\Users\mmcook\Desktop\Router Login.url
[2012/05/07 22:56:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/07 22:56:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/07 22:56:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/07 22:56:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/07 22:56:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/07 22:54:59 | 000,001,162 | ---- | C] () -- C:\Users\mmcook\Desktop\ComboFix - Shortcut.lnk
[2012/05/07 22:46:51 | 002,055,783 | ---- | C] () -- C:\Users\mmcook\Desktop\tdsskiller.zip
[2012/05/07 22:06:52 | 000,002,723 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/05/07 22:03:25 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/05/06 15:34:29 | 000,000,000 | ---- | C] () -- C:\Users\mmcook\defogger_reenable
[2012/05/05 21:42:21 | 133,615,528 | ---- | C] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/04/30 22:22:30 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/30 22:22:05 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/28 19:36:43 | 000,001,016 | ---- | C] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48613200.lnk
[2012/04/20 16:00:35 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/19 23:02:44 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/18 22:15:16 | 000,196,608 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2012/04/07 20:12:24 | 000,000,112 | ---- | C] () -- C:\ProgramData\O2oEGr.dat
[2011/09/06 23:19:13 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/05 13:14:39 | 000,000,079 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/08/16 21:36:45 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2011/06/22 18:48:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/02 21:11:49 | 000,000,000 | ---- | C] () -- C:\Users\mmcook\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/04/11 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\.minecraft
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\DarksporeData
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Epson
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\ICAClient
[2011/09/05 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Leadertech
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Magic Set Editor
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\PCDr
[2009/12/26 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\SPORE
[2010/11/02 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Template
[2010/08/08 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Wizards of the Coast
[2012/05/02 15:29:14 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/04/11 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\.minecraft
[2012/04/11 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Adobe
[2011/12/09 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Apple Computer
[2009/12/06 12:41:43 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\CyberLink
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\DarksporeData
[2011/05/24 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Dell
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Epson
[2011/08/20 20:18:29 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\HpUpdate
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\ICAClient
[2009/12/06 12:37:08 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Identities
[2011/09/05 13:21:27 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\InstallShield
[2011/09/05 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Leadertech
[2009/12/06 12:43:39 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Macromedia
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Macrovision
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Magic Set Editor
[2012/04/08 02:32:12 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Media Center Programs
[2012/04/12 21:22:57 | 000,000,000 | --SD | M] -- C:\Users\mmcook\AppData\Roaming\Microsoft
[2012/04/11 01:36:54 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Mozilla
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\PCDr
[2012/04/11 01:52:32 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Roxio
[2009/12/25 13:54:06 | 000,000,000 | R--D | M] -- C:\Users\mmcook\AppData\Roaming\SecuROM
[2009/12/26 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\SPORE
[2010/11/02 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Template
[2010/08/08 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Wizards of the Coast

< %APPDATA%\*.exe /s >
[2012/01/02 22:13:57 | 015,904,528 | ---- | M] (Maxis, a division of Electronic Arts Inc.) -- C:\Users\mmcook\AppData\Roaming\DarksporeData\Patches\5.3.0.50_binary_1_all\Darkspore.exe
[2011/07/27 18:53:13 | 009,469,024 | ---- | M] (Dell Inc) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Binaries\patch_dsc_583012to583014_64_02.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\0dccacf1-0dcd-4917-b318-23b9576ca7da\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\3cf17544-9d81-451e-92b9-86bc251439da\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\4d1ad287-4a67-4a3f-8840-820c4b28782e\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\6abffe38-dc96-4ae5-9b40-eb8fed7e55e1\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\6b40adae-112c-4937-bec7-de137beb46a3\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\70ca95fd-1bae-41c2-86ca-6848b1dab3d9\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\99bad737-e584-422f-ae5f-d8608cc5a818\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\a47a0ece-0b0e-4df6-b728-4759d06726c7\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\c348474d-6f85-4ea3-92f4-e7e28f7569fc\DellSignedAppUpdaterRules_dsc\AddCertificate.exe
[2010/10/12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\mmcook\AppData\Roaming\PCDr\Update\Rules\e5b2ff7c-694c-4b83-8d41-731058cb4e8d\DellSignedAppUpdaterRules_dsc\AddCertificate.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< End of report >


Extras.txt


OTL Extras logfile created on: 5/13/2012 4:14:25 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\mmcook\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 65.42% Memory free
7.98 Gb Paging File | 6.51 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 588.37 Gb Total Space | 444.52 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive D: | 47.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COOK-HOME | User Name: mmcook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030F019-E6EC-4FD2-803F-353273B7AA49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0495BAC6-6AB6-4275-9483-7E66FD07DD01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{0FC1C585-F383-428E-990A-AC1567A4C910}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B9C3DA8-F59D-4EB0-990A-24CBC806EE25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1C7AD3DD-869A-474E-9AB7-551DD3BD3A34}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{317B8B1C-4F52-4272-B849-11DA3E51F5B1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{34092067-B479-42BE-9468-6ECE5620ABBA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{340A5E3D-CEB3-451A-B20F-029565DCE611}" = rport=138 | protocol=17 | dir=out | app=system |
"{40F3665A-D9E0-4057-96B9-57AA3D3C333E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{4858B3AB-7B54-4755-B06C-3388D87A7F43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{497F0303-E8F3-428C-ADAC-ABBE172162C3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{53AAA216-5EC0-4161-BAFA-3A9D956E6CA9}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A4FF537-3116-469E-AA86-5656457AC2C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{647B41D2-8F2D-426C-9E9E-AB0C7BABF9D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6DA1B28B-D96C-4938-95DB-85E406BC58CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{75E2DB63-5A98-495A-923D-6562D46A80FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D952B09-245A-41D1-A21E-30C73AD3D666}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8495982C-94B4-4468-8B59-48A9710EC988}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9790EA7A-1FFD-4974-9452-739B337EAE55}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5D61BAD-8E69-4BEE-8CE8-DD681EFA392E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE624A77-E776-47E8-B8A7-74B59CB58771}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2747D1C-5B5D-481C-B86B-D682C54957E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{CB8B70CD-6E83-41B2-BAC9-7387765FF4AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFAF5597-90D8-487F-B10A-B0437873DB0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB0F54CE-DBCB-425B-8D9D-FF4CF8D7A9B2}" = lport=445 | protocol=6 | dir=in | app=system |
"{E4B9B3C9-3743-4089-A466-9901EE8567DA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{EFA7D3FF-B829-443B-9731-9ECFEA608ECC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4CAF112-2384-4ED1-880F-C44D3F86545C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{FC3C2AB2-611A-4A45-918E-AF87E3F0CEE7}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0257AD9C-9F5B-4A3E-A81E-6A15EC26B960}" = protocol=17 | dir=in | app=c:\users\mmcook\appdata\local\temp\7zs205c.tmp\symnrt.exe |
"{03AEDD3D-DBEC-4C4F-9449-5E08E335504A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{03DC8398-0E1C-47D3-876E-9417B9C0FDCB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B929639-D7F4-4E46-9166-E99537230177}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{0F41D088-48E7-484C-BDC3-81EA2CDDE7F5}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{13E7FD37-ECB1-49E7-A13F-6E040DF05E04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14322ED4-4ADA-4FFD-8396-8DA4ACC4D447}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{17101434-2157-4A0D-87CA-DD5314276F41}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24ABC6F5-BBB6-4DA4-A186-24DF2D914F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{29103321-9DDB-416B-B323-BC6365D3BB40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2A4C0015-C399-40E0-A3C1-0A706CB66886}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2B9495CF-4D97-46F8-98D9-27502B5DA187}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D5DB0AA-2028-4BBA-A9F5-EBF0B6CB90F0}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"{2F0B6574-422E-4FBC-8350-6AEA0A85865F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{30D5E9EC-DB63-4DB1-9A14-A0C9C9E5FA3C}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{31517A0F-78AB-41EB-B065-B7E596ED3BAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{319AD34F-6536-4842-87B3-D5A9EAA2BDBA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{39E5C741-6975-493A-8623-52F61DEFF970}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{3A6ABD12-227A-4D5C-91C4-8CF2BC8DE5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{49D1786D-9149-4269-9FCA-17FD9E2D2E0A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{4A723704-B415-4095-ACCC-19BD41A2C4CD}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"{5599C537-07F9-46CB-A72B-AEC05515EE6F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"{58CEDB7C-7AB8-412A-9860-904CC1C79189}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{5F1123E7-B7D7-4683-9B5F-D166BCD43810}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{65C4DF43-E343-4C01-AFDB-593ED78A28EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6919BCB1-96E4-44FA-81CC-AA80D31BA277}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B09E222-EEE4-41E0-9969-B5F9CDF83731}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{6B8F8C52-40CA-470D-9CF8-4A02C353C77A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7115DC90-727A-4C0A-962D-3FD831FBAEB4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{75019A85-1285-46D2-9457-6432E3890EED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7D628DA0-91BB-4B81-9A63-74718E5C93F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7E916E22-01C2-4031-A655-B7D75D75EF0F}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{7FFDFEC1-4787-4D51-9D04-45DCCC911DD2}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{8199F3FC-13A2-4C1D-96FC-D7F182DAE5B4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8519D4E5-F7D5-4D30-87FE-CAFF2477512F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{857E3E84-9AD0-4D02-8A4F-EFB223E8EBC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D1CBCED-21E5-4C72-8AE4-A20EB90920E5}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{8DAD708D-7DFC-438A-B871-F204260C4F94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F2C1E28-0551-4CB2-9025-B40812CD747A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{917492B9-7413-4BB2-842B-2C37D8FB2272}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{91A3ABCE-83D5-4CCB-B8D6-195A8E2D1BD7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{91FA3E29-1FB8-44D8-9A04-26DCF9816D15}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{9460D25D-0115-42B4-8126-BB06F93E0EE6}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{95C4FA65-7388-44B9-969C-D5E30DECDC73}" = protocol=6 | dir=in | app=c:\users\mmcook\appdata\local\temp\7zs205c.tmp\symnrt.exe |
"{9DAD9E7D-5166-4AC0-A0C3-72ACFEF83EBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ED9CD04-C61A-4448-95D3-99C4041F58D9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{A134443E-1559-4697-B4D3-2250EDADEEC7}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{AE0D85E2-C1AA-481B-9A2D-01D5DAF505D9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{B1D081DF-C631-4C87-B517-38695A50C10C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B20F284F-D80E-4647-8B1B-7801C8006CCD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{B28B0B90-2B75-49D2-9720-BF1DF6911710}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B533F966-FE04-4B94-81CF-D6FAD828C45E}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{B71B2ED4-85C7-45B3-8EF2-DE9618DCFC47}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B8834AF9-753C-47DF-AAC1-79B0D2DE110B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{BC301D0A-55C7-4D77-B9E9-549AA8AA06B3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{C2BA3351-78F6-4777-969B-2CFD5EB90398}" = protocol=6 | dir=out | app=system |
"{C59E3A98-E912-4152-B6CB-EC277963958F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{C7ECC2CA-26CA-4E17-AB05-88EE26A0F639}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{C966F25C-7CB2-49C5-ACA0-C49720AD72C3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{CE2F6262-2BA7-4347-9266-58F76AB4C40C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"{D036070E-FD5A-4401-A260-1F3B07FF0E08}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"{D49B46DF-D589-4602-B684-5B98C215E9F6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{DF8F5FAF-177D-4F6D-A720-00FD5FA6C12E}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{EC4C3F35-BA93-455C-93C9-DD9251F4CDD3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"{EDE1DAA2-656C-4662-AC62-D540B6A21EC2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF092749-B32D-4D7F-982F-4132B49594AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F25D68D1-A5D8-4A4B-AABF-3163051582EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F70A7BFA-5EE4-46FE-B45A-A8C3B717C340}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBCC1FEF-BE1D-4B26-BC50-3AB95226F0F9}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{FEB3ABA9-26A5-4608-904A-D06156086BF1}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"TCP Query User{306AB6D2-C185-4600-882F-00029F7B615C}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{3A5007C8-B913-4CE3-92EF-621A58EC38A2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{41C04AF2-EE26-4CF8-9BFD-94023E415C41}C:\users\andrew & connor\desktop\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\andrew & connor\desktop\mtgoiii_helper.exe |
"TCP Query User{665AE4B3-2C74-43EE-B0AD-09BF310FEC9C}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{6712AC44-312E-46E8-9EF9-460B876D0D08}C:\users\meeples\desktop\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\meeples\desktop\mtgoiii_helper.exe |
"TCP Query User{6FF14E19-872C-4808-B6D0-C84B9D763227}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{936CD09F-A2E6-4805-AEB0-0E7E98D9CE44}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{949717E4-1843-4651-98CD-CAD82D67E708}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{A18C30D9-3907-4897-BB6C-C5B654099564}C:\programdata\39f820\si39f_289.exe" = protocol=6 | dir=in | app=c:\programdata\39f820\si39f_289.exe |
"TCP Query User{F02B8242-ED02-45A9-AFBD-CE750100E3D2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{0102DEA4-6491-421F-BDE7-865EF9E55F16}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{02AFA787-1848-4BEA-AE04-7741698BED1B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{25F70941-44EB-49EE-8A3A-9C0AD1A94681}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{55197D07-ECB7-4238-BC73-2DD79890AD18}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{809AC07D-A1D1-46FA-88B8-2DBD04EFAF8E}C:\programdata\39f820\si39f_289.exe" = protocol=17 | dir=in | app=c:\programdata\39f820\si39f_289.exe |
"UDP Query User{A1506498-A13C-44B0-A0D2-2F3B8E8A5E48}C:\users\meeples\desktop\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\meeples\desktop\mtgoiii_helper.exe |
"UDP Query User{C21868F2-C215-4696-8668-DC7AF6498065}C:\users\andrew & connor\desktop\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\andrew & connor\desktop\mtgoiii_helper.exe |
"UDP Query User{D60B843A-A096-4DC3-A6BD-FFB101C715BE}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{DD3DEC29-C084-4DDD-9FDB-F4BA2C30E957}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{FD6DA611-3C7E-4E2B-BC52-BDA994589A86}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8180004F-8861-8051-87FE-C892A27A9AFB}" = ATI Catalyst Install Manager
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9915F060-19D4-11D4-A682-00105AA6FA07}" = D&D Character Generator Demo
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON WorkForce 840 Series" = EPSON WorkForce 840 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{089EC7B5-6480-4478-ACF0-DEFD4047343C}" = Epson Event Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore™
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C124BC7E-1C94-44C7-A8CA-70D10644FB05}" = Intellex Player
"{C1A0A3F9-C302-4A18-A2E0-71C927D24652}" = Epson Easy Photo Print 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.4 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.2
"ATT-PRT22" = ATT-PRT22
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Network MagicUninstall" = Network Magic
"Philips Retractable PC Controller" = Philips Retractable PC Controller
"Steam App 620" = Portal 2
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2011 8:55:27 AM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/19/2011 9:15:42 AM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/19/2011 9:51:27 AM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/19/2011 12:33:09 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/19/2011 12:33:09 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/19/2011 3:26:48 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/21/2011 7:36:10 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 508: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/22/2011 4:42:27 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 540: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/30/2011 9:04:51 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/30/2011 9:04:51 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 5/13/2012 3:38:32 PM | Computer Name = Cook-Home | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 5/13/2012 3:38:43 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Management Client service to connect.

Error - 5/13/2012 3:38:43 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7000
Description = The Symantec Management Client service failed to start due to the
following error: %%1053

Error - 5/13/2012 3:40:19 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 5/13/2012 3:50:03 PM | Computer Name = Cook-Home | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.125.1716.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 5/13/2012 3:50:47 PM | Computer Name = Cook-Home | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 5/13/2012 3:50:47 PM | Computer Name = Cook-Home | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 5/13/2012 3:51:03 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Management Client service to connect.

Error - 5/13/2012 3:51:03 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7000
Description = The Symantec Management Client service failed to start due to the
following error: %%1053

Error - 5/13/2012 3:52:44 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP


< End of report >

Edited by mmcook, 13 May 2012 - 03:40 PM.


#11 fireman4it

Posted 13 May 2012 - 04:31 PM

Hello,


1.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

2.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Hostfix
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

3.
When aswMBR ran, it placed MBR.dat on your desktop; please attach that with your next reply. You may have to rename it to MBR.zip before attaching it.

4.
Does it have popups and redirects in all Browsers? Firefox, Internet Explorer, Google Chrome?

5.
Please rerun ComboFix and post its log.


Things to include in your next reply:
Roguekiller logs
MBR.dat
Combofix.txt
Still redirecting and having popups in all browsers?



#12 mmcook


Posted 14 May 2012 - 05:21 PM

I have three RK reports:

#1

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: mmcook [Admin rights]
Mode: Remove -- Date: 05/13/2012 19:05:41

Bad processes: 0

Registry Entries: 7
[SUSP PATH] _uninst_48613200.lnk @mmcook : C:\Users\mmcook\AppData\Local\Temp\_uninst_48613200.bat -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


MBR Check:

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 69aac9eee4698390d87ead151b777abc
[BSP] 5ac569e9e71c018ba2b70830b9d7016e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 7918 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16328704 | Size: 602506 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


#2


RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: mmcook [Admin rights]
Mode: Remove -- Date: 05/13/2012 19:05:53

Bad processes: 0

Registry Entries: 0

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


MBR Check:

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 69aac9eee4698390d87ead151b777abc
[BSP] 5ac569e9e71c018ba2b70830b9d7016e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 7918 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16328704 | Size: 602506 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


#3

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: mmcook [Admin rights]
Mode: HOSTSFix -- Date: 05/13/2012 19:06:17

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt


aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 21:43:56
-----------------------------
21:43:56.448 OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:56.463 Number of processors: 2 586 0x170A
21:43:56.463 ComputerName: COOK-HOME UserName: mmcook
21:43:57.898 Initialize success
21:47:18.653 AVAST engine defs: 12050701
21:47:59.776 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:47:59.776 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
21:47:59.791 Disk 0 MBR read successfully
21:47:59.791 Disk 0 MBR scan
21:47:59.791 Disk 0 Windows 7 default MBR code
21:47:59.807 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:47:59.838 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 7918 MB offset 112640
21:47:59.869 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 602506 MB offset 16328704
21:47:59.932 Disk 0 scanning C:\Windows\system32\drivers
21:48:14.174 Service scanning
21:48:41.412 Modules scanning
21:48:41.412 Disk 0 trace - called modules:
21:48:41.443 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:48:41.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f6530]
21:48:41.459 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8003958d20]
21:48:41.459 5 ACPI.sys[fffff88000f387a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800447a060]
21:48:42.613 AVAST engine scan C:\Windows
21:48:46.217 AVAST engine scan C:\Windows\system32
21:53:11.371 AVAST engine scan C:\Windows\system32\drivers
21:53:25.067 AVAST engine scan C:\Users\mmcook
21:59:04.087 AVAST engine scan C:\ProgramData
22:02:33.145 Scan finished successfully
22:03:25.296 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
22:03:25.358 The log file has been saved successfully to "C:\aswMBR.txt"

#13 mmcook


Posted 14 May 2012 - 05:24 PM

New ComboFix Part 1

ComboFix 12-05-14.03 - mmcook 05/14/2012 18:00:18.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2435 [GMT -4:00]
Running from: c:\users\mmcook\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\users\Meeples\AppData\Local\temp
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\users\Andrew & Connor\AppData\Local\temp
2012-05-14 22:06 . 2012-05-14 22:06 -------- d-----w- c:\users\All Users.WINDOWS\AppData\Local\temp
2012-05-14 21:57 . 2012-05-14 21:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D64FD7C4-96C4-4424-A138-98B4CBABDDA9}\offreg.dll
2012-05-13 19:51 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D64FD7C4-96C4-4424-A138-98B4CBABDDA9}\mpengine.dll
2012-05-12 17:04 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-10 00:49 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 00:49 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:49 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 00:49 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 00:49 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 00:48 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:47 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 00:47 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 00:47 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:47 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:47 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 00:47 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-06 01:49 . 2012-05-04 15:38 460888 ----a-w- c:\windows\system32\drivers\62853215.sys
2012-05-01 02:27 . 2012-05-01 02:26 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCEAC06F-9C69-4A53-87C7-2BB1432048C4}\gapaengine.dll
2012-04-20 20:00 . 2012-04-20 20:00 -------- d-----w- c:\program files\iTunes
2012-04-20 20:00 . 2012-04-20 20:00 -------- d-----w- c:\program files (x86)\iTunes
2012-04-20 20:00 . 2012-04-20 20:00 -------- d-----w- c:\program files\iPod
2012-04-18 22:28 . 2012-05-06 14:11 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 01:48 . 2012-04-18 01:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-17 02:58 . 2012-04-17 02:58 -------- d-----w- c:\program files (x86)\ESET
2012-04-16 03:53 . 2012-04-16 03:53 -------- d-----w- c:\programdata\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 14:11 . 2011-06-22 23:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 01:48 . 2010-07-13 00:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2009-12-06 18:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2011-04-27 19:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2011-04-18 17:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 06:46 . 2012-04-12 03:55 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 03:55 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 03:55 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 03:55 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 03:55 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 03:55 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 03:55 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 03:57 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 03:57 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 03:57 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 03:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 03:57 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 03:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 03:57 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 03:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38 . 2012-03-14 07:16 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:16 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-08_03.27.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 11:20 . 2007-02-17 14:21 63488 c:\windows\xcacls.exe
+ 2009-11-24 22:45 . 2012-05-13 19:54 58500 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-14 21:52 45836 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 12:23 . 2012-05-09 11:54 21092 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2341466117-3050677054-3231783024-1006_UserData.bin
+ 2009-12-06 18:27 . 2012-05-14 21:52 28874 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2341466117-3050677054-3231783024-1000_UserData.bin
- 2009-12-06 15:30 . 2012-05-07 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 15:30 . 2012-05-13 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-13 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-07 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-11 18:30 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-22 03:57 . 2011-11-22 03:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-12 04:01 . 2012-04-12 04:01 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-12 04:01 . 2012-04-12 04:01 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-12 04:01 . 2012-04-12 04:01 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-12 04:00 . 2012-04-12 04:00 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-12 04:00 . 2012-04-12 04:00 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-10 03:46 . 2012-05-10 03:46 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-10 03:40 . 2012-05-10 03:40 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-15 00:24 . 2011-12-15 00:24 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-12-06 18:55 . 2012-04-12 03:59 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-06 18:55 . 2012-05-10 03:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-06 18:55 . 2012-05-10 03:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-06 18:55 . 2012-04-12 03:59 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-06 18:55 . 2012-05-10 03:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-06 18:55 . 2012-04-12 03:59 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-05-10 03:48 . 2012-05-10 03:48 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-15 00:24 . 2011-12-15 00:24 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-12-31 01:10 . 2012-02-16 04:36 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-31 01:10 . 2012-05-10 03:39 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-10 23:56 . 2012-05-10 23:56 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll
+ 2012-05-10 23:56 . 2012-05-10 23:56 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll
+ 2012-05-10 23:56 . 2012-05-10 23:56 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll
+ 2012-05-10 23:54 . 2012-05-10 23:54 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll
+ 2012-05-10 03:49 . 2012-05-10 03:49 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll
+ 2012-05-10 03:49 . 2012-05-10 03:49 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe
+ 2012-05-10 03:49 . 2012-05-10 03:49 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f3a9c6e87bfa4bab3689ec1cdb56964f\System.Windows.Presentation.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9b418f37f4594806e1f4b0ed6d083a95\System.Web.ApplicationServices.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\acd8bdefdcae0ce7c27b5ec016ef865c\System.Web.DynamicData.Design.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\ee709a01b51c82626f4b2c1173f2db28\stdole.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe
+ 2012-05-10 22:16 . 2012-05-10 22:16 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\1a359e9b908a2565c546a8ca04b241c2\PresentationCFFRasterizer.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-10 22:14 . 2012-05-10 22:14 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\3c3a6cce983114e7406e0a6e6116ecd8\Microsoft.VisualC.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe
+ 2012-05-10 23:49 . 2012-05-10 23:49 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\1cd9f92749d29b9fd61fcb1c4ae84294\ehiTVMSMusic.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe
+ 2012-05-10 22:15 . 2012-05-10 22:15 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\ae9311dcb0e713330a2a86b04cf361dc\Accessibility.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\81f5eeb0f7a4c41bece9a03c08e4d426\WindowsLiveWriter.ni.exe
+ 2012-05-10 23:42 . 2012-05-10 23:42 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\20225dde0701a809f23364e1c3492449\WindowsLive.Writer.Passport.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c1ea7869d01b1b668de2181be6ebca56\System.Web.DynamicData.Design.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d246780b91fd9f6393e85fb13bde94a6\stdole.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe
+ 2012-05-10 22:19 . 2012-05-10 22:19 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe
+ 2012-05-10 22:19 . 2012-05-10 22:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
+ 2009-12-12 18:19 . 2012-05-08 04:31 3974 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-14 21:49 . 2012-05-14 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-08 03:26 . 2012-05-08 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-14 21:49 . 2012-05-14 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-08 03:26 . 2012-05-08 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-10 23:47 . 2012-05-10 23:47 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
+ 2009-07-14 02:36 . 2012-05-10 03:46 641576 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-02 03:21 641576 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-10 03:46 112596 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 03:21 112596 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-05-10 22:12 458240 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-03-14 20:49 458240 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2012-05-14 04:08 420488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-08 03:25 420488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-15 18:01 . 2011-12-15 18:01 226600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 156440 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2012-05-10 00:48 . 2012-02-10 23:29 172320 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll
+ 2012-05-10 00:48 . 2012-01-04 03:34 486144 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 736768 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\5824c30e34d4ee597d599e7e11202983\VDialog.ni.dll
+ 2012-05-10 22:15 . 2012-05-10 22:15 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\bf634b0e2e28466c6ed6ae1eb602b09f\UIAutomationTypes.ni.dll
+ 2012-05-10 22:15 . 2012-05-10 22:15 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\1ff8fb81d6f045f1dc6f50be95444292\UIAutomationProvider.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\1f36e020c3563e0ff414f13138e238e1\UIAutomationClient.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\769b7666d915de95db5b63ec22bf3e42\TaskScheduler.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\de45d043775d8c805f6feca40d7a9ed2\System.Xml.Linq.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\181702fb83901c085401957c6f731cf4\System.Web.Routing.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\76662ce36d2141e45513e64386073cc2\System.Web.RegularExpressions.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\9b9d3e3e44dc7d03bb96033a5b829a6b\System.Web.Entity.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\ad2339c5f0fd9aa8a9989800825da487\System.Web.Entity.Design.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\8309dc5dd39b93f3e105a4d455b74a00\System.Web.DynamicData.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\a79640760b61cc1c23ac3cfdfa6f0f3f\System.Web.Abstractions.ni.dll
+ 2012-05-10 22:17 . 2012-05-10 22:17 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\ec95ad2463c5588fc8ef552b3f375ee6\System.Transactions.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\05acafa7eb44049849a5aafd39147ee5\System.ServiceProcess.ni.dll
+ 2012-05-10 22:15 . 2012-05-10 22:15 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\1875b50d0228f29aef00bed38ab594d6\System.Security.ni.dll
+ 2012-05-10 22:16 . 2012-05-10 22:16 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\807759890a40e4047c35a24e64dc76d5\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\3b3581851a728bef36f319e9d4c72499\System.Net.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\b4297ef47e0839fce0145f665349dcc9\System.Messaging.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\599954438a668c94dd38e8e7e506ac2a\System.Management.Instrumentation.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\fd51741bfd973ad507bbd141e98932f8\System.IO.Log.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ef6abe121bb11bff2514bfdfb7e76b7a\System.IdentityModel.Selectors.ni.dll
+ 2012-05-10 22:17 . 2012-05-10 22:17 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\d50cde53634ccbb5e0231738784ff4b8\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\e7abd70c16a5e638a7121fc5f68484cc\System.Drawing.Design.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\4bb1134d9b166434327385ddf3c5dd54\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7c4ce1b8a2f83ef29aa6d5f126ab5b71\System.Data.Services.Design.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\19d1414f1ca718ce4d0c07e7305b3450\System.Data.DataSetExtensions.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\4aebed13b5309398cd809454cafe472f\System.Configuration.Install.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\9536bb262c4f1ea389d287ab669767d4\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\84262138e2e9f34c88fd282caa82baa5\System.AddIn.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\176899be7b920fb20408ff49e636a776\System.AddIn.Contract.ni.dll
+ 2012-05-10 23:52 . 2012-05-10 23:52 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\ee0608cd62dfb37016016884fc39e425\sysglobl.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\9fa1abf006689e262527ae50d452e97e\SMSvcHost.ni.exe
+ 2012-05-10 23:48 . 2012-05-10 23:48 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\2eac9c598de3341eba5c16787c74f220\SMDiagnostics.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\89de197bdde5984658045ade41c2c9b9\PresentationFramework.Classic.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7ffb91db770d0b09921f623bc5d68b4f\PresentationFramework.Luna.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4f3567165e2a444fc9a62980c4d0ea82\PresentationFramework.Aero.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\205bb33cef9ae6b906ceadd6f2861c86\PresentationFramework.Royale.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\bc8a2d99d8ebd29f94905072ccf4b3b8\napsnap.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\b79da521cf602154b475ea740cc7fd3b\napinit.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\5f0ae15f9d1cade37fbfaacff7e64bff\naphlpr.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\5346ceca518baf5e5fa3fed9f900f792\napcrypt.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 402944 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\14f8e579ea2cc967c9bab56a09ad4c27\MyDock.Util.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\8f792883d0adad8c7beccf24aed65817\MSBuild.ni.exe
+ 2012-05-10 23:50 . 2012-05-10 23:50 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\926d20041c179cebc6f4398155b1b2c4\MMCFxCommon.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\b78beede8a3c9720095dde4a4a162acc\Microsoft.WSMan.Management.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\83222514e209f186ad3a1c3794168bfd\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\a843956bb452503139683304de4cc8f6\Microsoft.Vsa.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\c56d6513e4b239b1b1dbe29b0588321a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fb0d102ca78bd05fe7064b9e6be30fc7\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b21fa6ff448b99a97319e18c166c03e2\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c3fe42a14ac5b48ebd43be290973d24\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2572e94f9d0b412cdc529c8d74fdb689\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f4faec8b6d3e2c327c68070963ec1750\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f04ccbbf5199d2b264f1b1175be44686\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f015188310f7613f819fcf032f98705a\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c5f4ab28f67d5bf0cc221ef81e7f6966\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6dbd502a13b5e3caae0b1f2b4847612f\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\514667153fd74307d21e7f50b79858c9\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18367b9a0b9e9261d1d9e371230af87c\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\718cd5a598ed3e225a73b2aba7bcc1e1\Microsoft.ManagementConsole.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\d68a27daca73749e4438a47e61643c3c\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\3151235c1c38db94fd44e3c6f290ff38\Microsoft.Build.Utilities.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\cf5e9b5d10682467a9e03358a6d6258f\Microsoft.Build.Framework.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0f233d0eb396065719e83ab573a72cc5\Microsoft.Build.Framework.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\2416af06edb993f98a751acb69f67016\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\69286d5692277a166404cb897a8b2e7a\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\74e4adc90675c3b1365825c7e78b5ce9\Mcx2Dvcs.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\4a1f9a648a3928d42b77a91666d9aa8a\mcupdate.ni.exe
+ 2012-05-10 23:49 . 2012-05-10 23:49 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\40d70417c04f9ccb5fdecb5b9be5a6a3\mcstoredb.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\927ada02b440d95fdf36a37ee96aaa54\mcplayerinterop.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\35023ad5cb299ca2020bd660f5dba2fc\mcGlidHostObj.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\3fc113fe40d0145cd87afca2d107bf6d\MCESidebarCtrl.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\0bd8d37bc6f648d092e1d8034609a107\EventViewer.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\584d419d4c837ea19f7f450a807b0273\ehRecObj.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\20c3505378a50f4859c9b2e7dcbb5fa2\ehiWUapi.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\2f9f48ad6496c9103043db1c21a651fd\ehiwmp.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0955237aa3c1cb3a643248b8c58ec34c\ehiUserXp.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\7998173654fa518876cc97e37b86d465\ehiiTv.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\6c97aa6908f96ac9816ce74e4f6251ac\ehiExtens.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\a501747a95523297a8a1f119df8b1642\ehiBmlDataCarousel.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\414bbac4e1d7761a336bb9d74b9b243a\ehiActivScp.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\24d3859bba3ed02775f22c50ae5ab5a6\ehExtHost.ni.exe
+ 2012-05-10 23:48 . 2012-05-10 23:48 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\ff7ef4caed03d6934669d1a39877a8ac\ehCIR.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\b7916689137fd0bc9ba1ba5a27e2a38a\CustomMarshalers.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\cc6e6febcd804604bf4d92d0eb8ec6ae\ComSvcConfig.ni.exe
+ 2012-05-10 23:47 . 2012-05-10 23:47 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\d18719c2df1334364cac199bb9c86adf\BDATunePIA.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe
+ 2012-05-10 23:43 . 2012-05-10 23:43 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f77fce25dd92edeaabc82b974aa07405\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f3f0b329b55a2116a4adbd5b1e8192da\WindowsLive.Writer.Interop.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dfe80d53679a718a297e2c194cb995f4\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dbbb5914ff727ce0f6793177c4da31ba\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c532739f321891af14f02114ae8ef284\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c3902b80bdc944a554776f5d6c07cff9\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb3e7c55751c5ac738006b543cd1b183\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aab0bad2dc60d6748745835dc38c52c6\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8fa39c2020c4fc79f399f224b59bd4a4\WindowsLive.Writer.Controls.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b7b104895037121090062d97855ed48\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\87f1094d48016e76451b56ccea04ba98\WindowsLive.Writer.Api.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\43f78ae7292b5d31b471b9ecf89430af\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29a4bfb2662c8e108152983c5a1cf509\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\192746f3a18da9e978f89dbf2cb67c5c\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\091657a3e9d01b55993186fa713d9e5f\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\adfac934a7fc1bc2b0b5530c606a741f\WindowsLive.Client.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9bfbf0613d3780e34d98333c7b381218\WindowsFormsIntegration.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\779b08c46960a1824503aa6f089673fa\UIAutomationClient.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\c4edf782e69aa24453554f8b6cb40773\TaskScheduler.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d75f0b1e2ea688466552da04fd805949\System.Web.Routing.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2b129372a27469195acbe3b6b81786ef\System.Web.RegularExpressions.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5d6fdd022660b8ca4be19ff06ddfee7a\System.Web.Extensions.Design.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\d084aa31b82c66eb83e40853ba961b48\System.Web.Entity.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\53ca1042189a64dcd1f8ff487922b749\System.Web.Entity.Design.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\0b8a9e120d8f557a9702229e3c64987c\System.Web.DynamicData.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5d95b9a6cee5a9b1aac34b5d33c721ba\System.Web.Abstractions.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\0b5f082230e3486412e0fa333290e85a\System.Net.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f1241239a9b8229f91ce55d230fad38c\System.Messaging.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8280490a2939075b726fd051d9010cc0\System.Management.Instrumentation.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a03191ed937f6c1dc827b53d94ea0176\System.IO.Log.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\6b16664ac4ab46643c4a7fdd960ef9fb\System.Drawing.Design.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55545e89f96539ef93375524d1145a6f\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e36e03067b12bc35fcc3787dc81022c8\System.Data.Services.Design.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a29fff52e2c3d13ec15e8701027ab17\System.Data.Entity.Design.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d3325c6bced333a67122db7414c1fd1e\System.Configuration.Install.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\1ed79278fe139272e868e3a53d736f22\sysglobl.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b0b19607668635281fa260707f4352f\SMSvcHost.ni.exe
+ 2012-05-10 23:43 . 2012-05-10 23:43 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7df1f379457aa5f39183903d115b5479\PresentationFramework.Royale.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\496bc57a53989bb83ec58865fa34be1d\PresentationFramework.Luna.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\9e0dafde490fbb06e0624ad4e5355b58\napsnap.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\782ffccdf30881e1eb1236c3fd7e959b\napinit.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\e0c40329b9cdd7f141a3702d79eb4bda\naphlpr.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe
+ 2012-05-10 23:43 . 2012-05-10 23:43 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\9e8d56153e65d3cf74342c741126d396\MMCFxCommon.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\070505350ec9daa3343b3cd2bc8cf59e\Microsoft.WSMan.Management.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1e639225ba30d7f182b893ddacea506b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4c36b363fcd1ca494218e74ba606e99\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba2ca86f5d270f493501848843d2f227\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\607324a312b1c6d7fbede8300e8cee91\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f1185444c8a12ace85ba4c2d49f41f8\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\12715b7e3e89758161053520b57764b2\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\f077b7199d773c7812c04bb146014257\Microsoft.ManagementConsole.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7e59b3b84ca3c61adfc0dc74a65ea177\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\432160eff3b1f9301c6a74c2e647e03d\Microsoft.Build.Engine.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8297305de86377d0070a983d99a7f943\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\541a5bb4d0f8490e506f885a4b435566\mcstoredb.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\185067f9c70ccbccb4431063f9054b66\EventViewer.ni.dll

New ComboFix Part 2


+ 2012-05-10 23:50 . 2012-05-10 23:50 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6b727c7aa69ae3e04a869908bfbae696\Microsoft.Build.Engine.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\208e6937e39f8f516536ba5f23e79687\mcstore.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\596902addad034f4df2caf291b12d61d\mcepg.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\cdad46cd58389f53308b735e6f29ce1f\ehiVidCtl.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0423915e377ec85d71ac216fafa77ab0\ehiProxy.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 3412480 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\24264ea3abeba6d90b061ca3fd6fa5f1\DellDock.ni.exe
+ 2012-05-10 23:42 . 2012-05-10 23:42 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d6958ff537cc945adf130cb82026c799\WindowsLive.Writer.Localization.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8fcc0da950b0eb0394999b422f5e6d2c\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3572385cf62262e7777ada6d068ef01d\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-05-10 23:42 . 2012-05-10 23:42 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\035f5ba8c52b78354b774a929f0d38f8\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3b452cde57280624e1085699fe8beb03\UIAutomationClientsideProviders.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\439862b007b2dd84127ff35af476f5ad\System.WorkflowServices.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\bfa1ffe928b4e3fd6701aabfee7df15e\System.Workflow.Runtime.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0a7d29e1614521f3a87cd5a13e57f9f1\System.Workflow.ComponentModel.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\edac556f009c25b62ef1a040152e9cda\System.Workflow.Activities.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0307caacafd3e157fc003ed4743c5e2e\System.Web.Mobile.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\04442376410587c6de88f4b84cc69b1a\System.Web.Extensions.ni.dll
+ 2012-05-10 23:45 . 2012-05-10 23:45 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d900f9ec12af9070d7c8f061a2b2618c\System.Printing.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a8495b797e6f7adddc5811a4e1f97db5\System.Management.Automation.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\bf659f9bb758ac14ed7a37bdfe965849\System.Deployment.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e9774272e9fc6ca49e6c616a31783040\System.Data.SqlXml.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\3285887b33030a7ce453573d3bed4e95\System.Data.Services.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\330d3ad45a00455b537047183e128def\System.Data.Services.Client.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0f4e07fb8b1b7e7133a98f478856f70c\System.Data.OracleClient.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\305c4315c192a2964a312051caa5259e\ReachFramework.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\b935f8a4e6115d3eeb7bb293bf4b2257\PresentationUI.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b3f13707cbd5d48aabaa9ef5264c8a30\PresentationBuildTasks.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a96e05eaed77a88a7a495091ed8296dc\Narrator.ni.exe
+ 2012-05-10 23:44 . 2012-05-10 23:44 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\0310b6efd8cd8b1b90bb78303d014081\MMCEx.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\6e602986ed39fd1f9e3801ee96b63f41\MIGUIControls.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cd9e47effec6549cdec61eb3aef99f7c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d62bb06df2169fa249006539173d6b5f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\870bb30c079ed5bc201057d71661601f\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-10 23:44 . 2012-05-10 23:44 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7ee29045f76b1e9577bfc1e0fab723d8\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\9ac798ce15e5c0336f43b624af7363ec\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\0cb862d3708c15fe0f5c66d2a40cb074\Microsoft.MediaCenter.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\89ebef016091d09d58c8a1066def8bcd\Microsoft.Ink.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\81b8987ca8661d6af40ead6311c45724\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\52e05f8fa4314803ceab2befae2e0a39\Microsoft.Build.Tasks.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b66f52dbd8f87e53c3c9a1de7ca5bba\Microsoft.Build.Engine.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\14defdf34097afaf302497a7d612aaaf\mcstore.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\69b8de21b08c3412422c5918399ed702\mcepg.ni.dll
+ 2012-05-10 00:48 . 2012-02-10 23:31 1253376 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-06-11 23:31 . 2010-11-05 01:53 1253376 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-10 00:49 . 2012-01-04 02:51 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-02-16 01:26 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-10 00:48 . 2012-01-04 02:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-29 11:37 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-10 00:48 . 2012-02-10 23:31 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-10 00:48 . 2012-02-10 23:29 2256152 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
+ 2012-05-10 00:48 . 2012-02-10 23:29 3998208 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-10 00:49 . 2012-01-04 03:34 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 11:53 . 2011-07-08 22:31 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-10 00:48 . 2012-02-10 23:31 1737496 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
+ 2012-05-10 00:48 . 2012-02-10 23:31 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-06-11 23:31 . 2010-11-05 01:53 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 11:53 . 2011-07-08 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-10 00:49 . 2012-01-04 02:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-14 02:34 . 2012-05-10 22:10 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-17 23:56 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-01-28 15:11 . 2012-05-10 03:48 57848688 c:\windows\system32\MRT.exe
+ 2010-07-15 02:37 . 2012-05-14 04:08 19140016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2341466117-3050677054-3231783024-1000-12288.dat
+ 2012-01-19 18:20 . 2012-01-19 18:20 11997696 c:\windows\Installer\36439df.msp
+ 2011-12-15 18:54 . 2011-12-15 18:54 39732736 c:\windows\Installer\36439bd.msp
+ 2012-05-10 03:38 . 2012-05-10 03:38 20343808 c:\windows\Installer\3643932.msp
+ 2011-09-16 01:42 . 2011-09-16 01:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2012-05-10 03:43 . 2012-05-10 03:43 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\935aea6e7eae16674abdd96a68ec97af\System.ni.dll
+ 2012-05-10 23:54 . 2012-05-10 23:54 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\401ebcc2dd54ce1e0d63a544f7ed7b8a\System.Windows.Forms.ni.dll
+ 2012-05-10 23:56 . 2012-05-10 23:56 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\c4cc7eb7733c4221c32caccfd66ae320\System.ServiceModel.ni.dll
+ 2012-05-10 23:55 . 2012-05-10 23:55 18479616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9df4e7ae75baa7bbb1af30c8061a6e9b\System.Data.Entity.ni.dll
+ 2012-05-10 03:49 . 2012-05-10 03:49 10440192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b64f213e823a591607c45fac4997801e\System.Core.ni.dll
+ 2012-05-10 23:53 . 2012-05-10 23:53 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\34c2013b5f730680bd610d6a98d2977f\PresentationFramework.ni.dll
+ 2012-05-10 03:50 . 2012-05-10 03:50 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\4464e9df7184e3393b4cbb0f6dc286ba\PresentationCore.ni.dll
+ 2012-05-10 03:43 . 2012-05-10 03:43 19353600 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\6087fce8f76d9af69af496cb10b7d1ee\mscorlib.ni.dll
+ 2012-05-10 03:44 . 2012-05-10 03:44 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
+ 2012-05-10 23:47 . 2012-05-10 23:47 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
+ 2012-05-10 23:46 . 2012-05-10 23:46 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7aa839fb16503243d6ae454ab334bcf4\System.Data.Entity.ni.dll
+ 2012-05-10 03:47 . 2012-05-10 03:47 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll
+ 2012-05-10 03:47 . 2012-05-10 03:47 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll
+ 2012-05-10 03:44 . 2012-05-10 03:44 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
+ 2012-05-10 22:14 . 2012-05-10 22:14 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\c40ec0f4cd203c880298f94c0427dd54\System.ni.dll
+ 2012-05-10 22:16 . 2012-05-10 22:16 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\e2ca64137e0da231edc4d158b153e4b7\System.Windows.Forms.ni.dll
+ 2012-05-10 22:17 . 2012-05-10 22:17 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\1cb5a7cbd9cdf50f1d48cee830331c9f\System.Web.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\f74b2d1b8cf279ff6bfe479f79e70fe9\System.ServiceModel.ni.dll
+ 2012-05-10 23:50 . 2012-05-10 23:50 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\00c4a761d0a5cafc00f34d763fe76ac4\System.Management.Automation.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\78c747493d14dd3db5134d26e623851c\System.Design.ni.dll
+ 2012-05-10 23:51 . 2012-05-10 23:51 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\daaff9fe9c85fc171d426a3cb6766dbb\System.Data.Entity.ni.dll
+ 2012-05-10 22:16 . 2012-05-10 22:16 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9aa6320f06da2553fb04e78722c739c8\PresentationFramework.ni.dll
+ 2012-05-10 22:15 . 2012-05-10 22:15 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\4dc6e89ac37368291890ba27c374208b\PresentationCore.ni.dll
+ 2012-05-10 22:14 . 2012-05-10 22:14 15570944 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll
+ 2012-05-10 23:48 . 2012-05-10 23:48 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\9540690af5cff38a83ebfc4028450245\MenuSkinning.ni.dll
+ 2012-05-10 23:49 . 2012-05-10 23:49 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\d19a72cf466c23b193009386b25049ba\ehshell.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
+ 2012-05-10 23:43 . 2012-05-10 23:43 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
+ 2012-05-10 22:20 . 2012-05-10 22:20 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\649766df70bab5885c1b74a1491d60cb\System.Design.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
+ 2012-05-10 22:19 . 2012-05-10 22:19 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
+ 2012-05-10 22:18 . 2012-05-10 22:18 11492864 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-12-04 115560]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Andrew & Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Meeples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S0 62853215;62853215;c:\windows\system32\DRIVERS\62853215.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2341466117-3050677054-3231783024-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,15,ac,b2,1a,3b,31,5c,89,b0,cd,56,20,81,76,1c,ad,8a,cf,7f,08,
bc,6f,c4,b0,02,41,5e,0f,84,04,85,df,fe,c9,ac,80,13,0a,f6,13,7e,74,30,9b,15,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-14 18:09:19
ComboFix-quarantined-files.txt 2012-05-14 22:09
.
Pre-Run: 476,975,677,440 bytes free
Post-Run: 477,043,232,768 bytes free
.
- - End Of File - - 3001A5AEB5484EFC94CD94E972B718FE

#14 fireman4it

Posted 14 May 2012 - 05:57 PM

Still redirecting? Redirecting in all your browsers or just certain ones?

I also need the MBR.dat file that is on your desktop. You may need to rename it MBR.zip before you attach it.

Edited by fireman4it, 14 May 2012 - 05:59 PM.


#15 mmcook

Posted 14 May 2012 - 08:01 PM

I have tried Firefox and the redirect seems to happen more frequently in Firefox. Typically after just a few links. It is definitely still happening there. In Explorer it seems to happen less frequently. I haven't experienced it yet tonight. I don't have Chrome on this computer.

I haven't seen the pop-up yet this evening on either browser.

I tried to open the MBR file (the one dated 5-7-12?) but it would not open. I then tried to rename it MBR.zip, and this seemed to turn it into a zip file, but it still won't open.



