Abnow redirecting Firefox, firewall broken


  • This topic is locked
80 replies to this topic

#1 kistos

kistos

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 14 May 2012 - 04:00 PM

Firefox redirects to abnow with any search. Cannot enable Windows Firewall either, even through "services". Windows 7 Home Premium 64-bit, HP Dv4 Notebook PC, Dual core AMD, 4gb RAM.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Lupita at 13:57:58 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.3261 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Lupita\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tray_ico]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Lupita\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{253471C3-EB5E-4A71-8C5D-A5698394A0DA} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{253471C3-EB5E-4A71-8C5D-A5698394A0DA}\7416D6563714E6974596D656 : DhcpNameServer = 192.168.0.1 192.168.0.1 0.0.0.0
TCP: Interfaces\{E878202B-407B-4356-9F27-D0387E19D122} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
BHO-X64: MediaBar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO-X64: Symantec NCO BHO - No File
BHO-X64: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [tray_ico]
mRun-x64: [tray_ico2]
mRun-x64: [tray_ico3]
mRun-x64: [tray_ico4]
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lupita\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lupita\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lupita\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [?]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [?]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe [2010-3-24 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
S2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-7-31 517632]
S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-5 228408]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-13 19:13:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-13 18:10:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:46:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-13 17:46:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-13 09:55:19 -------- d-----w- C:\Windows\System32\SPReview
2012-05-13 08:00:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-13 08:00:18 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-13 08:00:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-13 08:00:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-13 08:00:17 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-13 08:00:17 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-13 08:00:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-13 07:00:32 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-13 07:00:29 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-13 07:00:26 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-13 07:00:26 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-13 07:00:25 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-13 07:00:25 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-13 06:43:53 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-13 06:43:52 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-13 06:43:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-05-13 06:43:20 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-05-13 06:38:11 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B3707F48-75E0-4082-828C-004C83762BB1}\mpengine.dll
2012-05-13 06:35:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-13 06:35:01 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-13 06:35:01 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-13 06:35:00 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-13 06:35:00 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
==================== Find3M ====================
.
2012-05-14 20:22:35 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-05-13 10:06:04 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-13 10:06:03 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-16 14:17:38 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:58:09.92 ===============



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:06 AM

Posted 14 May 2012 - 04:15 PM

Hello kistos! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:




We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:


Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.




Regards,
Georgi
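
Added example (not part of the original posts, and not code from DDS or FRST): the DDS log in post #1 prints the csrss SubSystems value, and this parser compares its ServerDll entries with the stock Windows 7 layout to show which entry is non-default. The default layout is background knowledge assumed here, not stated in the thread; the function names and the clean sample line are constructed for illustration.

```python
import re
from typing import List, NamedTuple


class ServerDll(NamedTuple):
    dll: str    # module csrss.exe loads, without the .dll extension
    init: str   # initialization routine, "" when the entry names none
    slot: int   # server index after the comma


# Stock Windows 7 ServerDll layout, keyed by slot. Assumption of this example
# (background knowledge); the thread itself does not list the defaults.
WIN7_DEFAULT = {
    1: ServerDll("basesrv", "", 1),
    2: ServerDll("winsrv", "ConServerDllInitialization", 2),
    3: ServerDll("winsrv", "UserServerDllInitialization", 3),
    4: ServerDll("sxssrv", "", 4),
}

# One DDS token looks like "winsrv:UserServerDllInitialization,3" or "basesrv,1".
TOKEN = re.compile(r"^(?P<dll>[^:,\s]+)(?::(?P<init>[^,\s]+))?,(?P<slot>\d+)$")


def _fmt(entry: ServerDll) -> str:
    return f"{entry.dll}:{entry.init}" if entry.init else entry.dll


def _key(entry: ServerDll):
    # Windows module and export names are compared case-insensitively here.
    return (entry.dll.lower(), entry.init.lower())


def parse_subsystems_line(line: str) -> List[ServerDll]:
    """Parse a DDS 'SubSystems: Windows = ...' line into ServerDll entries."""
    prefix, sep, value = line.partition("=")
    if not sep or not prefix.strip().lower().startswith("subsystems:"):
        raise ValueError("not a DDS SubSystems line")
    entries = []
    for token in value.split():
        match = TOKEN.match(token)
        if match is None:
            raise ValueError(f"unparseable ServerDll token: {token!r}")
        entries.append(
            ServerDll(match["dll"], match["init"] or "", int(match["slot"]))
        )
    return entries


def audit(entries: List[ServerDll]) -> List[str]:
    """Return one finding per entry that differs from the assumed default."""
    findings = []
    seen = set()
    for entry in entries:
        seen.add(entry.slot)
        expected = WIN7_DEFAULT.get(entry.slot)
        if expected is None:
            findings.append(f"slot {entry.slot}: unexpected entry {_fmt(entry)}")
        elif _key(entry) != _key(expected):
            findings.append(
                f"slot {entry.slot}: expected {_fmt(expected)}, found {_fmt(entry)}"
            )
    for slot in sorted(set(WIN7_DEFAULT) - seen):
        findings.append(f"slot {slot}: missing, expected {_fmt(WIN7_DEFAULT[slot])}")
    return findings


def scan_dds_log(text: str) -> List[str]:
    """Audit every SubSystems line found in a DDS log."""
    findings = []
    for line in text.splitlines():
        if line.strip().lower().startswith("subsystems:"):
            findings.extend(audit(parse_subsystems_line(line)))
    return findings


# Line copied from the DDS log in post #1 of this thread.
LOG_FROM_THREAD = (
    "SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
    "consrv:ConServerDllInitialization,2 sxssrv,4"
)
# Constructed sample of an unmodified Windows 7 value, for comparison.
CLEAN_SAMPLE = (
    "SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
    "winsrv:ConServerDllInitialization,2 sxssrv,4"
)

if __name__ == "__main__":
    for name, log in (("thread", LOG_FROM_THREAD), ("clean", CLEAN_SAMPLE)):
        print(name, scan_dds_log(log) or "no deviation from the assumed default")
```

The same SubSystems value is the one the FRST log later in the thread marks with "ATTENTION! ====> ZeroAccess".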



#3 kistos


Posted 14 May 2012 - 04:25 PM

I saved ComboFix to my desktop, ran it, didn't touch mouse or keyboard, saw the screen and the green loading bar go all the way and once it disappeared nothing else happened. I looked in C:, no files named Combofix.txt or of the sort were found. I ran it in SafeMode, should I run it in normal once again?

#4 B-boy/StyLe/


Posted 14 May 2012 - 04:28 PM

Hi,



Do you have an empty USB flash drive?
We can try an alternative method.



Regards,
Georgi



#5 kistos


Posted 14 May 2012 - 04:29 PM

Yes, I'm actually not connected to the internet on the laptop, browsing forums on my PC and transferring files with my USB. What should I do next?

#6 B-boy/StyLe/


Posted 14 May 2012 - 05:03 PM

Hello,



Let's give it a try. You will need a flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.



Regards,
Georgi



#7 kistos


Posted 14 May 2012 - 05:21 PM

Thank you by the way for taking your time in helping me!!
Followed the instructions step by step, and got my file ready. I still have the Farbar Recovery Scan Tool window open with the Search, scan, search files, and Fix buttons open. Will leave open until further notice!

Here is the log from FRST.TXT

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 14-05-2012 15:16:28
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] "C:\Program Files\IDT\WDM\sttray64.exe" [487424 2009-08-25] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-11-05] (Sun Microsystems, Inc.)
HKLM\...\Run: [BellSouthWCC_McciTrayApp] "C:\Program Files\BellSouthWCC\McciTrayApp.exe" [3444736 2009-11-18] (Alcatel-Lucent)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [tray_ico] [x]
HKLM-x32\...\Run: [tray_ico2] [x]
HKLM-x32\...\Run: [tray_ico3] [x]
HKLM-x32\...\Run: [tray_ico4] [x]
HKLM-x32\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1955208 2011-08-15] (LogMeIn Inc.)
HKU\Lupita\...\Run: [Google Update] "C:\Users\Lupita\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-09-12] (Google Inc.)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-07-18] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-07-18] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-11-08] (LogMeIn, Inc.)
2 lxdn_device; C:\Windows\system32\lxdncoms.exe -service [1039872 2007-11-28] ( )
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-07-27] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-07-27] (Alcatel-Lucent)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe [240640 2009-08-25] (IDT, Inc.)
2 Wuser32; C:\Windows\System32\spbbcsvc.dll [5120 2009-07-13] (Iomega)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1 [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
1 ccHP; C:\Windows\System32\drivers\NISx64\1108000.005\ccHPx64.sys [615040 2010-02-25] (Symantec Corporation)
3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-07-24] (Symantec Corporation)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-09-17] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-09-17] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-09-17] (LogMeIn, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-11-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2009-11-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-11-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2009-11-18] (Printing Communications Assoc., Inc. (PCAUSA))
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1108000.005\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [125344 2010-01-29] (MCCI Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1108000.005\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1108000.005\SYMEFA64.SYS [221232 2010-04-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-07-24] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1108000.005\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [451120 2010-05-05] (Symantec Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [x]
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100920.001\IDSvia64.sys [x]
4 LMIRfsClientNP; [x]
3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100921.003\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100921.003\EX64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-14 13:19 - 2012-05-13 10:58 - 4491894 ____R (Swearware) C:\Users\Lupita\Desktop\ComboFix.exe
2012-05-14 12:54 - 2012-05-14 12:54 - 0000474 ____A C:\Users\Lupita\Desktop\defogger_disable.log
2012-05-14 12:54 - 2012-05-14 12:54 - 0000000 ____A C:\Users\Lupita\defogger_reenable
2012-05-14 12:53 - 2012-05-14 12:41 - 0607260 ____R (Swearware) C:\Users\Lupita\Desktop\dds.scr
2012-05-14 12:53 - 2012-05-14 12:40 - 0050477 ____A C:\Users\Lupita\Desktop\Defogger.exe
2012-05-13 19:34 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-13 19:34 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-13 19:34 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-13 19:34 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-13 19:34 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-13 19:34 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-13 19:34 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-13 19:34 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-13 19:34 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-13 19:34 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-13 19:34 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-13 19:34 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-13 19:34 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-13 19:34 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-13 19:34 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-13 19:34 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-13 19:34 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-13 19:34 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-13 19:34 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-13 19:34 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-13 19:34 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-13 19:34 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-13 19:34 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-13 19:34 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-13 19:34 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-13 19:34 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-13 11:13 - 2012-05-13 11:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-13 11:09 - 2012-05-13 11:14 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-13 10:59 - 2012-05-14 13:22 - 0000000 ___SD C:\32788R22FWJFW
2012-05-13 10:33 - 2012-05-13 10:34 - 0138262 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.33.05_log.txt
2012-05-13 10:32 - 2012-05-13 10:32 - 0134796 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.32.20_log.txt
2012-05-13 10:23 - 2012-05-13 10:23 - 0000732 ____A C:\Windows\System32\Drivers\hosts
2012-05-13 10:23 - 2012-05-13 10:23 - 0000000 ____A C:\Windows\System32\Drivers\New Text Document.txt
2012-05-13 10:14 - 2012-05-13 10:14 - 0000278 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{D12E418E-BBA8-4F6E-B1E4-7C260C0124A4}.job
2012-05-13 10:13 - 2012-05-13 10:14 - 0138550 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.13.28_log.txt
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-13 10:08 - 2012-05-13 10:10 - 0138326 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.08.18_log.txt
2012-05-13 10:07 - 2012-05-02 09:00 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Lupita\Desktop\TDSSKiller.exe
2012-05-13 09:59 - 2012-05-14 14:08 - 0276342 ____A C:\Windows\ntbtlog.txt
2012-05-13 09:46 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-13 09:46 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-13 01:55 - 2012-05-13 01:55 - 0000000 ____D C:\Windows\System32\SPReview
2012-05-13 01:23 - 2012-05-13 01:23 - 0100627 ____A C:\Users\Lupita\Downloads\avgremover_msilog.txt
2012-05-13 01:22 - 2012-05-13 01:25 - 0331395 ____A C:\Users\Lupita\Downloads\avgremover.log
2012-05-13 01:22 - 2012-05-13 01:22 - 2899344 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Lupita\Downloads\avg_remover_stf_x64_2012_2125.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-13 01:05 - 2012-05-13 01:05 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-13 01:05 - 2012-05-13 01:05 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-13 01:05 - 2012-05-13 01:05 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-13 01:05 - 2012-05-13 01:05 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-13 01:05 - 2012-05-13 01:05 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-05-13 01:05 - 2012-05-13 01:05 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-05-13 01:05 - 2012-05-13 01:05 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-13 01:05 - 2012-05-13 01:05 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-13 01:04 - 2012-05-13 01:08 - 0004029 ____A C:\Windows\IE9_main.log
2012-05-13 01:02 - 2012-05-13 01:02 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 01:02 - 2012-05-13 01:02 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 00:00 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-13 00:00 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-13 00:00 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-13 00:00 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-13 00:00 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-13 00:00 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-13 00:00 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-12 23:00 - 2012-05-12 23:00 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-12 23:00 - 2012-05-12 23:00 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-12 23:00 - 2012-05-12 23:00 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-12 22:58 - 2012-05-12 22:59 - 16339280 ____A (Mozilla) C:\Users\Lupita\Downloads\Firefox Setup 12.0.exe
2012-05-12 22:43 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 22:43 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 22:43 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-05-12 22:43 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-05-12 22:43 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-05-12 22:43 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-05-12 22:42 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 22:42 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 22:42 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 22:42 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 22:42 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 22:42 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 22:42 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-05-12 22:42 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-05-12 22:42 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-12 22:42 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-12 22:42 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-05-12 22:35 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-12 22:35 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-05-12 22:35 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-12 22:35 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-05-12 22:35 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-12 22:26 - 2010-07-25 16:26 - 0001306 ____A C:\Users\Lupita\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2012-05-12 22:26 - 2010-07-25 16:26 - 0001306 ____A C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk


============ 3 Months Modified Files and Folders =============

2012-05-14 15:16 - 2012-05-14 15:16 - 0000000 ____D C:\FRST
2012-05-14 14:08 - 2012-05-13 09:59 - 0276342 ____A C:\Windows\ntbtlog.txt
2012-05-14 13:22 - 2012-05-13 10:59 - 0000000 ___SD C:\32788R22FWJFW
2012-05-14 12:59 - 2010-03-24 19:01 - 1649124 ____A C:\Windows\WindowsUpdate.log
2012-05-14 12:54 - 2012-05-14 12:54 - 0000474 ____A C:\Users\Lupita\Desktop\defogger_disable.log
2012-05-14 12:54 - 2012-05-14 12:54 - 0000000 ____A C:\Users\Lupita\defogger_reenable
2012-05-14 12:54 - 2010-07-24 06:41 - 0000000 ____D C:\users\Lupita
2012-05-14 12:41 - 2012-05-14 12:53 - 0607260 ____R (Swearware) C:\Users\Lupita\Desktop\dds.scr
2012-05-14 12:40 - 2012-05-14 12:53 - 0050477 ____A C:\Users\Lupita\Desktop\Defogger.exe
2012-05-14 12:32 - 2009-07-13 21:13 - 0005556 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-14 12:22 - 2012-03-16 06:18 - 0000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-05-14 12:22 - 2010-03-24 18:53 - 3016904704 __ASH C:\hiberfil.sys
2012-05-14 12:21 - 2012-02-03 08:05 - 0005962 ____A C:\Windows\setupact.log
2012-05-14 12:20 - 2011-07-16 21:51 - 0000000 ____D C:\Users\Lupita\AppData\Local\LogMeIn Hamachi
2012-05-14 12:19 - 2011-04-21 18:55 - 0000000 ____D C:\Users\All Users\LogMeIn
2012-05-14 12:19 - 2011-04-21 18:55 - 0000000 ____D C:\ProgramData\LogMeIn
2012-05-14 12:19 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-13 18:52 - 2010-09-12 15:41 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141694677-1651255109-471062170-1000UA.job
2012-05-13 11:39 - 2011-08-10 11:41 - 0000000 ____D C:\Users\Lupita\AppData\Local\ElevatedDiagnostics
2012-05-13 11:18 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-13 11:18 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-13 11:14 - 2012-05-13 11:09 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-13 11:13 - 2012-05-13 11:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-13 11:13 - 2011-12-03 12:49 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-13 11:13 - 2011-02-17 22:00 - 0005522 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-13 10:58 - 2012-05-14 13:19 - 4491894 ____R (Swearware) C:\Users\Lupita\Desktop\ComboFix.exe
2012-05-13 10:34 - 2012-05-13 10:33 - 0138262 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.33.05_log.txt
2012-05-13 10:32 - 2012-05-13 10:32 - 0134796 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.32.20_log.txt
2012-05-13 10:26 - 2011-08-24 16:10 - 0000732 ___AH C:\Windows\System32\Drivers\etc\hosts
2012-05-13 10:23 - 2012-05-13 10:23 - 0000732 ____A C:\Windows\System32\Drivers\hosts
2012-05-13 10:23 - 2012-05-13 10:23 - 0000000 ____A C:\Windows\System32\Drivers\New Text Document.txt
2012-05-13 10:14 - 2012-05-13 10:14 - 0000278 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{D12E418E-BBA8-4F6E-B1E4-7C260C0124A4}.job
2012-05-13 10:14 - 2012-05-13 10:13 - 0138550 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.13.28_log.txt
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-13 10:10 - 2012-05-13 10:08 - 0138326 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_11.08.18_log.txt
2012-05-13 09:54 - 2009-07-13 20:45 - 0430264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 09:53 - 2012-02-04 11:31 - 0006956 ____A C:\Windows\PFRO.log
2012-05-13 09:52 - 2010-09-12 15:41 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141694677-1651255109-471062170-1000Core.job
2012-05-13 09:34 - 2010-07-24 06:48 - 0000174 ___SH C:\Users\Lupita\Start Menu\Programs\Startup\desktop.ini
2012-05-13 09:34 - 2010-07-24 06:48 - 0000174 ___SH C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-05-13 03:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-05-13 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-05-13 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-05-13 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-13 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-05-13 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-05-13 02:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-05-13 02:06 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-05-13 02:06 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-05-13 01:55 - 2012-05-13 01:55 - 0000000 ____D C:\Windows\System32\SPReview
2012-05-13 01:25 - 2012-05-13 01:22 - 0331395 ____A C:\Users\Lupita\Downloads\avgremover.log
2012-05-13 01:25 - 2011-12-31 22:47 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-13 01:25 - 2011-12-31 22:47 - 0000000 ____D C:\ProgramData\AVG2012
2012-05-13 01:23 - 2012-05-13 01:23 - 0100627 ____A C:\Users\Lupita\Downloads\avgremover_msilog.txt
2012-05-13 01:23 - 2011-02-15 19:43 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-13 01:23 - 2011-02-15 19:43 - 0000000 ____D C:\ProgramData\MFAData
2012-05-13 01:22 - 2012-05-13 01:22 - 2899344 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Lupita\Downloads\avg_remover_stf_x64_2012_2125.exe
2012-05-13 01:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-05-13 01:08 - 2012-05-13 01:04 - 0004029 ____A C:\Windows\IE9_main.log
2012-05-13 01:05 - 2012-05-13 01:05 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-13 01:05 - 2012-05-13 01:05 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-13 01:05 - 2012-05-13 01:05 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-13 01:05 - 2012-05-13 01:05 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-13 01:05 - 2012-05-13 01:05 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-13 01:05 - 2012-05-13 01:05 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-05-13 01:05 - 2012-05-13 01:05 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-05-13 01:05 - 2012-05-13 01:05 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-13 01:05 - 2012-05-13 01:05 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-13 01:05 - 2012-05-13 01:05 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-13 01:05 - 2012-05-13 01:05 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-13 01:02 - 2012-05-13 01:02 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 01:02 - 2012-05-13 01:02 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 00:20 - 2009-11-05 17:40 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 00:20 - 2009-11-05 17:40 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-12 23:48 - 2011-12-31 23:56 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-12 23:48 - 2011-12-31 23:56 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-12 23:48 - 2011-12-31 23:56 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-12 23:00 - 2012-05-12 23:00 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-12 23:00 - 2012-05-12 23:00 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-12 23:00 - 2012-05-12 23:00 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-12 23:00 - 2011-12-29 21:50 - 0001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-12 23:00 - 2011-07-26 17:59 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-12 22:59 - 2012-05-12 22:58 - 16339280 ____A (Mozilla) C:\Users\Lupita\Downloads\Firefox Setup 12.0.exe
2012-05-12 22:50 - 2011-12-30 19:09 - 0001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-12 22:50 - 2011-12-30 19:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 22:30 - 2011-12-18 10:12 - 0002413 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-05-12 22:26 - 2011-12-08 20:35 - 0000000 ____D C:\Windows\pss
2012-05-02 09:00 - 2012-05-13 10:07 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Lupita\Desktop\TDSSKiller.exe
2012-04-26 19:03 - 2011-10-25 20:55 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-04 14:56 - 2011-12-30 19:09 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 22:05 - 2012-05-12 22:42 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 22:42 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 22:42 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 22:42 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-12 22:42 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-26 15:53 - 2012-03-26 15:53 - 0000000 ____D C:\Users\Lupita\AppData\Roaming\vlc
2012-03-26 15:37 - 2012-03-26 15:37 - 0001241 ____A C:\Users\Lupita\Desktop\Graboid Video.lnk
2012-03-26 15:37 - 2012-03-26 15:37 - 0000000 ____D C:\Users\Lupita\AppData\Local\Graboid_Inc
2012-03-26 15:37 - 2012-03-26 15:37 - 0000000 ____D C:\Users\Lupita\AppData\Local\Graboid Inc
2012-03-26 15:37 - 2012-03-26 15:37 - 0000000 ____D C:\Users\Lupita\AppData\Local\Graboid
2012-03-26 15:37 - 2012-03-26 15:37 - 0000000 ____D C:\Users\Lupita\AppData\Local\Geckofx
2012-03-26 15:37 - 2012-03-26 15:37 - 0000000 ____D C:\Users\All Users\Graboid Inc
2012-03-26 15:37 - 2012-03-26 15:37 - 0000000 ____D C:\ProgramData\Graboid Inc
2012-03-26 15:37 - 2012-03-26 15:36 - 0000000 ____D C:\Program Files (x86)\Graboid
2012-03-26 15:36 - 2012-03-26 15:36 - 0001026 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-26 15:36 - 2012-03-26 15:36 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-26 15:35 - 2012-03-26 15:34 - 37931600 ____A C:\Users\Lupita\Downloads\GraboidVideoSetup-3.05-Complete.exe
2012-03-20 19:44 - 2012-03-20 19:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-16 23:58 - 2012-05-12 22:42 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 06:17 - 2012-03-07 08:18 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-03-07 08:39 - 2010-07-25 16:54 - 0014057 ____A C:\Users\Lupita\Documents\Guadalupe Razon Resume.docx
2012-03-07 08:28 - 2012-03-07 08:28 - 0000162 ___AH C:\Users\Lupita\Documents\~$adalupe Razon Resume.docx
2012-03-07 08:18 - 2012-03-07 08:18 - 0000000 ____A C:\Users\Lupita\Desktop\New Text Document.txt
2012-03-02 22:35 - 2012-05-12 22:43 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-12 22:43 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-29 22:46 - 2012-05-13 00:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-05-13 00:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-05-13 00:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-05-13 00:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-05-13 00:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-05-13 00:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-05-13 00:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-05-13 19:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-05-13 19:34 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-05-13 19:34 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-05-13 19:34 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-05-13 19:34 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-05-13 19:34 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-05-13 19:34 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-05-13 19:34 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-05-13 19:34 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-05-13 19:34 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-05-13 19:34 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-05-13 19:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-05-13 19:34 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-05-13 19:34 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-05-13 19:34 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-05-13 19:34 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-05-13 19:34 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-05-13 19:34 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-05-13 19:34 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-05-13 19:34 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-05-13 19:34 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-05-13 19:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-05-13 19:34 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-05-13 19:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-05-13 19:34 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-05-13 19:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 09:18 - 2010-09-23 20:00 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-16 22:38 - 2012-05-12 22:35 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-05-12 22:35 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-05-12 22:35 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-05-12 22:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3836.2 MB
Available physical RAM: 3149.51 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3140.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:282.51 GB) (Free:231.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:15.28 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (PATRIOT) (Removable) (Total:7.45 GB) (Free:1.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7640 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 282 GB 200 MB
Partition 3 Primary 15 GB 282 GB
Partition 4 Primary 103 MB 297 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 282 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7636 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H PATRIOT FAT32 Removable 7636 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-13 03:11

======================= End Of Log ==========================

#8 B-boy/StyLe/

  • Malware Response Team

Posted 14 May 2012 - 06:11 PM

Hi,


Let's attempt to fix the ZeroAccess Rootkit. Please download the enclosed file to the USB drive.

Now please enter System Recovery Options as you did before.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



Next please rerun ComboFix, allow it to update if it asks to do so.

Post both the FRST and the ComboFix logs.

Thanks!



Regards,
Georgi


#9 kistos

  • Topic Starter


Posted 14 May 2012 - 06:54 PM

OK, I ran the "FIX" with the fixlist.txt file on the flash drive; it successfully created the file posted below.

Ran ComboFix, and it asked me to disable Microsoft Security Essentials before hitting "OK". I disabled it and hit "stop" through services for Microsoft Antimalware, and it disabled Essentials. ComboFix finished and produced the logs below.

Thank you again for your help!!

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 13-05-2012
Ran by SYSTEM at 2012-05-14 16:18:47 Run:1
Running from H:\

==============================================

HKLM-x32\\\.\.\.\\Run\\tray_ico Value deleted successfully.
HKLM-x32\\\.\.\.\\Run\\tray_ico2 Value deleted successfully.
HKLM-x32\\\.\.\.\\Run\\tray_ico3 Value deleted successfully.
HKLM-x32\\\.\.\.\\Run\\tray_ico4 Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\consrv.dll moved successfully.
Wuser32 service deleted successfully.
C:\Windows\System32\spbbcsvc.dll moved successfully.
C:\Windows\System32\dds_log_ad13.cmd moved successfully.
C:\Windows\System32\dds_log_trash.cmd moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Wuser32 Deleted successfully.

==== End of Fixlog ====

ComboFix 12-05-13.03 - Lupita 05/14/2012 16:28:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2479 [GMT -7:00]
Running from: c:\users\Lupita\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\av_ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer.rar
c:\windows\system32\6to4.dll
c:\windows\system32\AeLookupSvc.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\drivers\hosts
c:\windows\system32\NWCWorkstation.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.3
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 23:37 . 2012-05-14 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 23:16 . 2012-05-14 23:17 -------- d-----w- C:\FRST
2012-05-13 19:13 . 2012-05-13 19:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-13 18:10 . 2012-05-13 18:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 17:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-13 17:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-13 09:55 . 2012-05-13 09:55 -------- d-----w- c:\windows\system32\SPReview
2012-05-13 09:02 . 2012-05-13 09:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 09:02 . 2012-05-13 09:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-13 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-13 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-13 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-13 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-13 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-13 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-13 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-13 07:00 . 2012-05-13 07:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-13 07:00 . 2012-04-21 01:19 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-13 07:00 . 2012-04-21 01:19 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-13 07:00 . 2012-04-21 01:19 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-13 07:00 . 2012-04-21 01:19 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-13 07:00 . 2012-04-21 01:18 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-13 06:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 06:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 06:43 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-13 06:43 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-13 06:38 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3707F48-75E0-4082-828C-004C83762BB1}\mpengine.dll
2012-05-13 06:35 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-13 06:35 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-13 06:35 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-13 06:35 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-13 06:35 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 10:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-13 10:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-04 22:56 . 2011-12-31 03:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-23 17:18 . 2010-09-24 04:00 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208]
.
c:\users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\avg\avg10\avgchsva.exe /sync\0c:\progra~2\avg\avg10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100920.001\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 2329480]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-07-19 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-07-27 517632]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141694677-1651255109-471062170-1000Core.job
- c:\users\Lupita\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 23:41]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3141694677-1651255109-471062170-1000UA.job
- c:\users\Lupita\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-12 23:41]
.
2012-05-13 c:\windows\Tasks\User_Feed_Synchronization-{D12E418E-BBA8-4F6E-B1E4-7C260C0124A4}.job
- c:\windows\system32\msfeedssync.exe [2012-05-13 09:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-26 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 171520]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 3444736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
DSI_SiUSBXp_3_1
nsvcip
pdengine
pnrouter
caboagp
se58mdfl
WacomVKHid
hwpsgt
hsfhwazl
mwsejcap
BCMTPM
pshost
stylexphelper
nicser_wmp11
tappsrv
prodrv06
SbcpHid
DFUBTUSB
aiclient
rtl8029
nvport
FVNETusb
AMDPCI
roxupnprenderer
se2Bnd5
nfsds
ctsfm2k
pcidump
vetfddnt
nwlnkipx
ovsecurityserver
cfsvcs
inotask
elotouchscreen
TVALG
mps9
acrsch2svc
JRAID
pelmouse
WscNetDr
SMTPSVC
venturi2
zunenetworksvc
ELkbd
DCamUSBMke2
EACSys
sprtsvc_dellsupportcenter
HSX_DP
ino_fltr
superproserver
se27unic
ngserver
jobserver_report
abnetmon
slimsvc
IPFilter
blueletscoaudio
symantecantibotwatcher
SymIMMP
nimxdfk
bwmservice
procexp90
bobo
IBMTPCHK
tng-dtmg
rrrspy
grmnusb
cqmgserv
btwhid
CoachUsb
lhidflt2
plscsi
atkdisplf
oracle_load_balancer_60_client-forms6i
nvcap
UBHelper
MobilityService
iomdisk
Slpsvdr
arhidfltr
dlabmfsm
webfilter
ShockMgr
appmgmt
Pctspk
ASLDRService
dklogger
rppkt
zpnodecollector
s217nd5
amusbprt
pdlnatdl
mysqlinventime
livesrv
brmfbags
incdrec
ofcpfwsvc
iaimfp0
MR97310_USB_DUAL_CAMERA
dlaudfam
SE2Emdm
DCamUSBGrandTek
AVCSTRM
lxcf_device
cdrbsvsd
aksfridge
ino_flpy
ProcObsrv
enum1394
abp480n5
vaiomediaplatform-integratedserver-appserver
nfmservice
haspnt
trufos
SiRemFil
dmprimer
tosporte
SE27obex
rtl8139
streamip
radiosvr
tunnelguardservice
dlapoolm
rampartsvc
hcwPVRP2
EUSBMSD
pensup
AVCamUSB20
ashampoodefragservice
s3psddr
s3savagenb
mbackmonitor
ptilink
captureservice
avsinc
EPOWER
Afc
iaimtv0
mssql$microsoftsmlbiz
vsmon
s116bus
rpaservice
ikfileflt
APLMp50
rt2500usb
cvslock
bthidenum
s117bus
guardian2
siside
ftpqueue
imagesrv
FontCache3.0.0.0.
mcusrmgr
tosrfnds
CoachAud
dvd-ram_service
VirtualFD
basic2
SE26mdm
CA561
F700imd
vet-rec
nvata
hpconfig
pdfcreatormessages
dvd_2K
https-admserv61
xusb21
contentindex
Nmea
pgfilter
portio
regsrvc
tomcatcws3
k750bus
EMATCORE
MQAC
hap16v2k
cpsvc
jsdaemon
EIO_XP
rapapp
nvgts
swmidi
CamAv
alim1541
se59mdfl
ADSMService
winpowermonitor
teefer2
s116nd5
tsmapip
UsbserFilt
w200mdfl
db2ntsecserver
co_mon
lfsfilt
digitizer
ec2007service
delldmi
qkbfiltr
CoolerXPDriver
lxbt_device
websensecpmcommunicationagent
hidgame
SE2Cmdfl
symfw
wintab32
Amsmpu4p
ssdiagn
bc_tdi_f
VX3000
artdhcp
cpqrcmc
s3twistr
flutilssvc
rnadirectory
se58bus
se44mdfl
mediaviewer
avpnnic
regservice
RSAFAL
sis162u
apache2
MSMQ
cisvc
protectionservice
AKSIFDH
nipsvc
PDExchange
Angel2
LHidUsbK
dladresn
gmer
vmkbd
pdscheduler
tosrfec
MA_CMIDI
mfeavfk
GT891x
ha20x2k
SeratoUsb
btwaudio
atkkeyboardservice
caili
DCamUSBDXGTech
MSCamSvc
Mvc25U870_VID_1262&PID_25FD
splitter
pdlnepkt
mcredirector
tcsd_win32.exe
NxNetMon
incdsrv
samfilt
sandboxu
Ld51ocnucsnp
jtagserver
wmi
oracle_load_balancer_60_server-forms6ip9
HWIONT
raspti
citrixxteserver
SE27mgmt
symdns
TICalc
qconsvc
tdsmapi
sfilter
KMW_USB
paamsrv
vpcvmm
s716bus
fasttx2k
rvscc
aswmon2
prismxl
zebrbus
tmmbd
DivisCTS
wdelmgr20
EAWDMFD
enodpl
nim32
pduip6000dmemcrdmgr
dtscsi
smsmdd
ZuneBusEnum
SE2Emdfl
tga
nwlnkflt
smtpd32
CBN
SECYPUSB
backuplauncher
kraidsvc
NVNET
aslm75
Si3114r5
GVCplDrv
InterBaseGuardian
mr2kserv
mfeapfk
tifsfilter
emclisrv
mxserver
ofcservice
vzfw
CT20XUT.DLL
com0com
VNUSB
bwsvc
PSI_SVC_2
eliservice
L8042mou
SPLITCAM
qcdonner
UNDPX2A
ctdvda2k
tfsncofs
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
FF - ProfilePath - c:\users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
SafeBoot-22699933.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-05-14 16:47:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-14 23:47
.
Pre-Run: 248,738,553,856 bytes free
Post-Run: 248,372,633,600 bytes free
.
- - End Of File - - 329512C952A5DCD0B099267FB49E9A4C

#10 B-boy/StyLe/

  • Malware Response Team

Posted 14 May 2012 - 07:59 PM

Hello,


Great work! :)

As we are going to edit the registry to clean some malware-related entries, we must proceed with caution.



Backup Your Registry with ERUNT


  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Open Erunt.exe. Follow the prompts leaving the values at default.



We Need to Run a Registry Script


  • Press the Windows Logo in the lower left corner of your screen.
  • In the Posted Image box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
    "netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
      63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
      00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
      00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
      00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
      54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
      00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
      69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
      00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
      6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
      00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
      69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
      00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
      73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
      00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
      61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
      00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
      73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
      00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
      69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
      00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
      44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
      00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
      64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
      00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
      6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
      00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
      69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
      00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
      00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
      00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
      00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
      00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
      74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
      00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
      70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00
    
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.reg.
  • Press Posted Image.
  • Close Notepad.
  • Double click Posted Image on your desktop.
  • Press Yes if prompted by User Account Control.
  • Press Yes, and then Ok, when prompted.
  • Right click on Posted Image and choose Delete.
  • Press Yes.




Now let's do a few more checks just to make sure:



STEP 1


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
    %windir%\temp\*.*
    %windir%\system32\*. 
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\DBBK\*.* /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %systemroot%\assembly\GAC_64\*.* /S /MD5
    %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath /s
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



STEP 2



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




STEP 3



Please download aswMBR.exe to your desktop.



  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop-down options choose C:\
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note - do NOT attempt any Fix or FixMBR yet.



Regards,
Georgi
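
The registry script in the post above replaces the netsvcs value with a hex(7) (REG_MULTI_SZ, UTF-16LE) blob that cannot be read by eye. The Python below is an added example, not part of the original post and not code from any tool named in the thread: it decodes such a value and reports which current entries the replacement would drop. The .reg fragment and the current-entry list are constructed samples that reuse a few names from the ComboFix output, and all function names are hypothetical.

```python
import re

# Constructed sample: a short .reg fragment laid out like the script in the
# post (hex(7) = REG_MULTI_SZ, UTF-16LE bytes, backslash line continuations).
SAMPLE_FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
  63,00,00,00,57,00,6d,00,69,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,\
  00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,00,00
'''

# Constructed sample: a handful of names taken from the "current entries
# shown" list in the ComboFix log, standing in for the full list.
SAMPLE_CURRENT = ["AeLookupSvc", "Wmi", "bobo", "rrrspy", "wmi",
                  "wuauserv", "BITS", "appmgmt"]


def parse_reg_multi_sz(reg_text, value_name):
    """Return the strings stored in a hex(7) value of a .reg file's text."""
    text = reg_text.replace("\r\n", "\n")
    # A trailing backslash means the value continues on the next line.
    text = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    pattern = re.compile(
        rf'^[ \t]*"{re.escape(value_name)}"=hex\(7\):([0-9a-fA-F, \t]*)$',
        re.IGNORECASE | re.MULTILINE,
    )
    match = pattern.search(text)
    if match is None:
        raise ValueError(f"no hex(7) value named {value_name!r} found")
    tokens = [t.strip() for t in match.group(1).split(",") if t.strip()]
    raw = bytes(int(t, 16) for t in tokens)
    if len(raw) % 2:
        raise ValueError("odd byte count: not valid UTF-16LE data")
    # REG_MULTI_SZ: NUL-separated strings, closed by an empty string.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def diff_service_lists(current, replacement):
    """Compare two netsvcs lists; service names are case-insensitive."""
    cur = {name.lower() for name in current}
    new = {name.lower() for name in replacement}
    removed = [name for name in current if name.lower() not in new]
    added = [name for name in replacement if name.lower() not in cur]
    return removed, added


def case_duplicates(entries):
    """Find entries that repeat an earlier one apart from letter case."""
    seen, dups = {}, []
    for name in entries:
        key = name.lower()
        if key in seen:
            dups.append((seen[key], name))
        else:
            seen[key] = name
    return dups


if __name__ == "__main__":
    replacement = parse_reg_multi_sz(SAMPLE_FIX_REG, "netsvcs")
    removed, added = diff_service_lists(SAMPLE_CURRENT, replacement)
    print("replacement entries:", replacement)
    print("dropped by the fix: ", removed)
    print("added by the fix:   ", added)
    print("case duplicates:    ", case_duplicates(SAMPLE_CURRENT))
```

Run against the saved Fix.reg and the list copied from the log, the "dropped" output is the set of entries to review before the file is merged.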



#11 kistos

  • Topic Starter

Posted 15 May 2012 - 01:26 AM

Thank you again!! Followed all directions, and sorry for the delayed post, the last scan took a while to finish. Here are the logs you requested.

OTL logfile created on: 5/14/2012 6:29:05 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Lupita\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 68.07% Memory free
7.49 Gb Paging File | 6.30 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.51 Gb Total Space | 231.29 Gb Free Space | 81.87% Space Free | Partition Type: NTFS
Drive D: | 15.28 Gb Total Space | 2.51 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.22 Mb Free Space | 95.85% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 1.94 Gb Free Space | 26.08% Space Free | Partition Type: FAT32

Computer Name: LUPITA-PC | User Name: Lupita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 18:20:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lupita\Desktop\OTL.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/08/15 17:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/25 17:28:40 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/04 21:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/11/28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/08/15 17:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/18 21:36:08 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2011/07/18 21:35:45 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/25 17:28:40 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/18 21:35:47 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 15:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 15:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 15:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 15:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/07/24 07:50:15 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/01/29 07:39:10 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2009/11/18 13:26:18 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/11/18 13:26:18 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/09/21 19:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/29 17:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/25 17:28:40 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/04 22:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/28 13:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/24 00:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 15:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/12 19:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/07/24 22:36:55 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/11/18 13:26:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/18 13:26:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{75C7CCA9-DD21-456A-B4B0-28BA99FA74C3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm568YYUS&ptb=96F7BE44-BFCD-4BB8-B4FE-B7D8C162FF7F&psa=&ind=2010121423&ptnrS=ZKxdm568YYUS&si=&st=sb&n=77d004cf&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{75C7CCA9-DD21-456A-B4B0-28BA99FA74C3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{06FF53E9-FC95-4736-9AF8-01D8FF24FBD1}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110310,17399,0,8,0
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AU&apn_dtid=YYYYYYYYUS&apn_uid=F7F80902-E72C-402B-BBA1-3D79DEA7415B&apn_sauid=892E8707-78CA-43C2-ABE4-DB9DD556E7FD
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{17D19E78-13E5-45FB-9184-CE36886A473E}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=cfc514e8afb249ccb38a90cf5c8d9a1a
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=3746813001CB860F001D85A3&install_time=2010-11-17T04:23:39Z&src_id=11613&camp_id=1696&tb_version=2.5.15000.521
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm568YYUS&ptb=96F7BE44-BFCD-4BB8-B4FE-B7D8C162FF7F&psa=&ind=2010121423&ptnrS=ZKxdm568YYUS&si=&st=sb&n=77d004cf&searchfor={searchTerms}
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_en
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{75C7CCA9-DD21-456A-B4B0-28BA99FA74C3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=cfc514e8afb249ccb38a90cf5c8d9a1a&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lupita\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lupita\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lupita\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lupita\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/05 20:03:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 00:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/24 17:10:01 | 000,000,000 | ---D | M]

[2011/07/26 18:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lupita\AppData\Roaming\Mozilla\Extensions
[2011/03/10 21:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\extensions
[2011/03/10 21:50:29 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/01/05 11:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\extensions
[2011/12/02 21:40:04 | 000,002,567 | ---- | M] () -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\searchplugins\askcom.xml
[2011/12/30 19:56:43 | 000,001,211 | ---- | M] () -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\searchplugins\Mp3Tube.xml
[2012/05/13 00:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/13 00:00:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/05 11:54:34 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LUPITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QDNBBXMQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 18:18:25 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/04/20 18:18:25 | 000,003,413 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 18:18:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/04/20 18:18:25 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: QuestScan (Enabled)
CHR - default_search_provider: search_url = http://www.questscan.com/?tmp=redir_bho_bing&dist=0&prt=QstscanPB&keywords={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lupita\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Lupita\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lupita\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Lupita\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Lupita\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lupita\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Read Later Fast = C:\Users\Lupita\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.3.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Lupita\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\

O1 HOSTS File: ([2012/05/14 16:38:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{253471C3-EB5E-4A71-8C5D-A5698394A0DA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E878202B-407B-4356-9F27-D0387E19D122}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/20 12:04:08 | 000,038,912 | ---- | M] () - G:\AUTOBACK.EXE -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\progra~2\avg\avg10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (c:\progra~2\avg\avg10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2012/05/14 18:26:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lupita\Desktop\OTL.exe
[2012/05/14 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/14 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/05/14 16:39:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/14 16:27:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/14 16:27:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/14 16:27:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/14 16:27:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/14 16:27:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/14 16:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/14 16:16:18 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/14 14:19:41 | 004,491,894 | R--- | C] (Swearware) -- C:\Users\Lupita\Desktop\ComboFix.exe
[2012/05/14 13:53:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lupita\Desktop\dds.scr
[2012/05/13 20:34:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/13 20:34:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/13 20:34:49 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/13 20:34:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/13 20:34:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/13 20:34:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/13 20:34:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/05/13 20:34:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/13 20:34:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/13 20:34:47 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/13 20:34:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/13 12:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/13 11:10:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/13 11:07:20 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lupita\Desktop\TDSSKiller.exe
[2012/05/13 10:46:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/05/13 10:46:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/05/13 02:55:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/13 02:05:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/05/13 02:05:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/05/13 02:05:58 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/05/13 02:05:58 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/05/13 02:05:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/05/13 02:05:58 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/05/13 02:05:58 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/05/13 02:05:58 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/05/13 02:05:58 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/05/13 02:05:58 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/05/13 02:05:58 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/05/13 02:05:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/05/13 02:05:58 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/05/13 02:05:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/05/13 02:05:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/05/13 02:05:58 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/05/13 02:05:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/05/13 02:05:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/05/13 02:05:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/05/13 02:05:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/05/13 02:05:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/05/13 02:05:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/05/13 02:05:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/05/13 02:05:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/05/13 02:05:58 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/05/13 02:05:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/05/13 02:05:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/05/13 02:05:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/05/13 02:05:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/05/13 02:05:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/05/13 02:05:58 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/05/13 02:05:58 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/05/13 02:05:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/05/13 02:05:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/05/13 02:05:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/05/13 02:05:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/05/13 02:05:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/05/13 02:05:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/05/13 02:05:58 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/05/13 02:05:58 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/05/13 02:05:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/05/13 02:05:58 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/05/13 02:05:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/05/13 02:05:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/05/13 02:05:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/05/13 02:05:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/05/13 02:05:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/05/13 02:05:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/05/13 02:05:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/05/13 02:05:58 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/05/13 02:05:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/05/13 02:05:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/05/13 02:05:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/05/13 02:05:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/05/13 02:05:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/05/13 02:05:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/05/13 02:05:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/05/13 02:05:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/05/13 02:05:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/05/13 02:05:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/05/13 02:05:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/05/13 02:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 02:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 02:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 01:00:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/05/13 01:00:18 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/05/13 01:00:17 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/05/13 00:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/13 00:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/12 23:43:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/12 23:43:20 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/05/12 23:42:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/12 23:42:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 23:42:44 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/12 23:42:40 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/05/12 23:42:40 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/05/12 23:42:24 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/05/12 23:35:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/05/12 23:35:01 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/05/12 23:35:00 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/26 16:53:53 | 000,000,000 | ---D | C] -- C:\Users\Lupita\AppData\Roaming\vlc
[2012/03/26 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\Lupita\AppData\Local\Graboid_Inc
[2012/03/26 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\Lupita\AppData\Local\Graboid Inc
[2012/03/26 16:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/03/26 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Lupita\AppData\Local\Graboid
[2012/03/26 16:37:43 | 000,000,000 | ---D | C] -- C:\Users\Lupita\AppData\Local\Geckofx
[2012/03/26 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2012/03/26 16:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/03/26 16:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/03/26 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2012/03/20 20:44:12 | 000,098,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys

========== Files - Modified Within 90 Days ==========

[2012/05/14 18:20:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lupita\Desktop\OTL.exe
[2012/05/14 18:15:13 | 000,001,064 | ---- | M] () -- C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/14 18:14:13 | 000,000,884 | ---- | M] () -- C:\Users\Lupita\Desktop\NTREGOPT.lnk
[2012/05/14 18:14:13 | 000,000,865 | ---- | M] () -- C:\Users\Lupita\Desktop\ERUNT.lnk
[2012/05/14 17:52:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3141694677-1651255109-471062170-1000UA.job
[2012/05/14 16:48:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 16:48:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 16:38:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/14 16:38:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 16:38:17 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 16:24:22 | 001,424,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 16:24:22 | 000,383,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 16:24:22 | 000,005,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 13:54:02 | 000,000,000 | ---- | M] () -- C:\Users\Lupita\defogger_reenable
[2012/05/14 13:41:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lupita\Desktop\dds.scr
[2012/05/14 13:40:42 | 000,050,477 | ---- | M] () -- C:\Users\Lupita\Desktop\Defogger.exe
[2012/05/13 12:14:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/13 12:13:59 | 000,005,522 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/13 11:58:06 | 004,491,894 | R--- | M] (Swearware) -- C:\Users\Lupita\Desktop\ComboFix.exe
[2012/05/13 11:14:01 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D12E418E-BBA8-4F6E-B1E4-7C260C0124A4}.job
[2012/05/13 10:54:34 | 000,430,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 10:52:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3141694677-1651255109-471062170-1000Core.job
[2012/05/13 03:06:04 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/05/13 03:06:03 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/05/13 02:13:23 | 000,001,397 | ---- | M] () -- C:\Users\Lupita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/13 02:05:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/05/13 02:05:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/05/13 02:05:58 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/05/13 02:05:58 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/05/13 02:05:58 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/05/13 02:05:58 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/05/13 02:05:58 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/05/13 02:05:58 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/05/13 02:05:58 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/05/13 02:05:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/05/13 02:05:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/05/13 02:05:58 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/05/13 02:05:58 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/05/13 02:05:58 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/05/13 02:05:58 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/05/13 02:05:58 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/05/13 02:05:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/05/13 02:05:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/05/13 02:05:58 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/05/13 02:05:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/05/13 02:05:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/05/13 02:05:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/05/13 02:05:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/05/13 02:05:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/05/13 02:05:58 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/05/13 02:05:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/05/13 02:05:58 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/05/13 02:05:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/05/13 02:05:58 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/05/13 02:05:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/05/13 02:05:58 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/05/13 02:05:58 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/05/13 02:05:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/05/13 02:05:58 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/05/13 02:05:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/05/13 02:05:58 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/05/13 02:05:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/05/13 02:05:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/05/13 02:05:58 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/05/13 02:05:58 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/05/13 02:05:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/05/13 02:05:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/05/13 02:05:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/05/13 02:05:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/05/13 02:05:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/05/13 02:05:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/05/13 02:05:58 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/05/13 02:05:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/13 02:05:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/13 02:05:58 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/05/13 02:05:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/05/13 02:05:58 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/05/13 02:05:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/05/13 02:05:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/05/13 02:05:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/05/13 02:05:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/05/13 02:05:58 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/05/13 02:05:58 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/05/13 02:05:58 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/05/13 02:05:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/05/13 02:05:58 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/05/13 02:05:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/05/13 02:05:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/05/13 00:00:34 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/12 23:50:36 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 23:30:08 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/05/02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lupita\Desktop\TDSSKiller.exe
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 23:05:57 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/30 21:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/30 21:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/26 16:37:14 | 000,001,241 | ---- | M] () -- C:\Users\Lupita\Desktop\Graboid Video.lnk
[2012/03/26 16:36:52 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2012/03/02 23:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/02/29 23:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/02/29 23:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/27 23:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/27 23:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/27 23:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/27 23:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/27 23:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/27 23:39:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/27 18:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/27 18:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/27 18:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/27 18:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/27 17:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 23:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/16 22:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

========== Files Created - No Company Name ==========

[2012/05/14 18:15:13 | 000,001,064 | ---- | C] () -- C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/14 18:14:13 | 000,000,884 | ---- | C] () -- C:\Users\Lupita\Desktop\NTREGOPT.lnk
[2012/05/14 18:14:13 | 000,000,865 | ---- | C] () -- C:\Users\Lupita\Desktop\ERUNT.lnk
[2012/05/14 16:27:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/14 16:27:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/14 16:27:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/14 16:27:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/14 16:27:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/14 13:54:02 | 000,000,000 | ---- | C] () -- C:\Users\Lupita\defogger_reenable
[2012/05/14 13:53:55 | 000,050,477 | ---- | C] () -- C:\Users\Lupita\Desktop\Defogger.exe
[2012/05/13 12:14:03 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/13 12:09:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/13 11:14:01 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{D12E418E-BBA8-4F6E-B1E4-7C260C0124A4}.job
[2012/05/13 02:05:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/13 02:05:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/12 23:26:59 | 000,001,306 | ---- | C] () -- C:\Users\Lupita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/03/26 16:37:14 | 000,001,241 | ---- | C] () -- C:\Users\Lupita\Desktop\Graboid Video.lnk
[2012/03/26 16:36:52 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/18 11:12:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/12/18 11:12:11 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/08/17 11:40:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/08/10 13:11:04 | 000,173,062 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/08/10 13:11:03 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/07/26 18:59:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/20 21:54:22 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/04 21:04:51 | 002,530,995 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0818.JPG
[2011/06/30 19:51:48 | 000,000,207 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/06/19 21:07:06 | 000,018,037 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0814_navi.JPG
[2011/06/19 21:06:52 | 003,196,516 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0814.JPG
[2011/04/03 21:54:33 | 000,040,689 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpSNAPSHOT_20110217_6.JPG
[2011/04/03 21:54:20 | 000,050,257 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpSNAPSHOT_20110217_6.0
[2011/02/17 23:00:17 | 000,005,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/30 00:13:57 | 002,582,304 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpDAD&ME (2).0
[2011/01/30 00:13:57 | 000,938,305 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpDAD&ME (2).JPG
[2010/12/28 22:13:57 | 000,213,927 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp2.0
[2010/12/28 22:13:57 | 000,091,305 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp2.JPG
[2010/12/26 22:07:20 | 002,480,729 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpME,ERVIN,MELLI,CAMILA,YESSI,GABRIEL&JONATHAN (2).JPG
[2010/11/08 20:10:35 | 000,034,144 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpME N BRYAN!.0
[2010/11/08 20:10:35 | 000,010,658 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpME N BRYAN!.JPG
[2010/10/27 19:35:43 | 000,817,931 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0543.JPG
[2010/10/27 19:35:42 | 002,249,918 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0543.0
[2010/10/20 21:01:20 | 000,101,257 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp018.2
[2010/10/20 21:01:20 | 000,100,776 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp018.1
[2010/10/20 21:01:19 | 000,161,935 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp018.0
[2010/10/20 21:01:19 | 000,102,917 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp018.JPG
[2010/10/13 16:34:09 | 000,007,570 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp69811_148683761841147_100000985727366_244168_6447676_S[1].JPG
[2010/09/14 21:59:29 | 000,422,828 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp020.0
[2010/09/14 21:59:29 | 000,164,706 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmp020.JPG
[2010/08/28 21:39:48 | 000,008,194 | ---- | C] () -- C:\Users\Lupita\AppData\Local\tmpIMAGES.JPG
[2010/07/31 21:55:15 | 000,000,600 | ---- | C] () -- C:\Users\Lupita\AppData\Local\PUTTY.RND

========== LOP Check ==========

[2011/05/06 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\.minecraft
[2011/11/24 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\AtomZombieData
[2011/06/30 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\Auslogics
[2012/01/01 00:45:53 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\AVG10
[2011/12/31 23:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\AVG2012
[2011/11/24 20:55:13 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\Braid
[2011/08/17 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\Broken Rules
[2012/01/01 00:44:57 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\com.w3i.intune
[2012/01/01 00:18:23 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\Crayon Physics Deluxe
[2010/08/02 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\Lexmark Productivity Studio
[2011/05/19 19:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\Sammsoft
[2011/05/12 20:30:53 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\W3i, LLC
[2011/10/21 17:35:01 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/13 11:14:01 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D12E418E-BBA8-4F6E-B1E4-7C260C0124A4}.job

========== Purity Check ==========



========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %SYSTEMDRIVE%\*.* >
[2011/04/21 19:55:35 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/05/14 16:47:19 | 000,024,137 | ---- | M] () -- C:\ComboFix - Copy.txt
[2012/05/14 16:47:19 | 000,024,137 | ---- | M] () -- C:\ComboFix.txt
[2012/05/14 16:38:17 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 19:53:43 | 000,000,256 | ---- | M] () -- C:\lxdn.log
[2012/05/14 16:38:17 | 4022,542,336 | -HS- | M] () -- C:\pagefile.sys
[2011/08/11 19:17:01 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG1
[2011/08/11 19:17:01 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG2
[2012/05/13 11:10:16 | 000,138,326 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_13.05.2012_11.08.18_log.txt
[2012/05/13 11:14:49 | 000,138,550 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_13.05.2012_11.13.28_log.txt
[2012/05/13 11:32:58 | 000,134,796 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_13.05.2012_11.32.20_log.txt
[2012/05/13 11:34:03 | 000,138,262 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_13.05.2012_11.33.05_log.txt

< %USERPROFILE%\*.* >
[2011/03/10 21:39:47 | 523,409,669 | ---- | M] (Z8Games.com ) -- C:\Users\Lupita\CrossFire_Setup_v1058.exe
[2012/05/14 13:54:02 | 000,000,000 | ---- | M] () -- C:\Users\Lupita\defogger_reenable
[2012/05/14 18:31:36 | 003,670,016 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat
[2012/05/14 18:31:36 | 000,262,144 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat.LOG1
[2010/07/24 07:41:03 | 000,000,000 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat.LOG2
[2010/07/24 08:48:11 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/24 08:48:11 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/24 08:48:11 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/12/03 14:21:34 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{150912d0-1df3-11e1-a007-c7aaa92f015d}.TM.blf
[2011/12/03 14:21:34 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{150912d0-1df3-11e1-a007-c7aaa92f015d}.TMContainer00000000000000000001.regtrans-ms
[2011/12/03 14:21:34 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{150912d0-1df3-11e1-a007-c7aaa92f015d}.TMContainer00000000000000000002.regtrans-ms
[2011/12/03 14:07:01 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{5fd8bbbb-1df2-11e1-b6d3-f3e3e1579e22}.TM.blf
[2011/12/03 14:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{5fd8bbbb-1df2-11e1-b6d3-f3e3e1579e22}.TMContainer00000000000000000001.regtrans-ms
[2011/12/03 14:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{5fd8bbbb-1df2-11e1-b6d3-f3e3e1579e22}.TMContainer00000000000000000002.regtrans-ms
[2011/12/03 14:14:34 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{5fd8bbe1-1df2-11e1-b6d3-f3e3e1579e22}.TM.blf
[2011/12/03 14:14:34 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{5fd8bbe1-1df2-11e1-b6d3-f3e3e1579e22}.TMContainer00000000000000000001.regtrans-ms
[2011/12/03 14:14:34 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{5fd8bbe1-1df2-11e1-b6d3-f3e3e1579e22}.TMContainer00000000000000000002.regtrans-ms
[2012/01/01 01:23:08 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{cdef5ae6-344c-11e1-b6dc-705ab69bbbaf}.TM.blf
[2012/01/01 01:23:08 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{cdef5ae6-344c-11e1-b6dc-705ab69bbbaf}.TMContainer00000000000000000001.regtrans-ms
[2012/01/01 01:23:08 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{cdef5ae6-344c-11e1-b6dc-705ab69bbbaf}.TMContainer00000000000000000002.regtrans-ms
[2011/12/03 14:35:39 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{d5de2259-1df4-11e1-b4e9-ceb694b45e5d}.TM.blf
[2011/12/03 14:35:39 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{d5de2259-1df4-11e1-b4e9-ceb694b45e5d}.TMContainer00000000000000000001.regtrans-ms
[2011/12/03 14:35:39 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{d5de2259-1df4-11e1-b4e9-ceb694b45e5d}.TMContainer00000000000000000002.regtrans-ms
[2011/12/07 22:25:37 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{d610eefb-215b-11e1-9af9-ddbab9af092a}.TM.blf
[2011/12/07 22:25:37 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{d610eefb-215b-11e1-9af9-ddbab9af092a}.TMContainer00000000000000000001.regtrans-ms
[2011/12/07 22:25:37 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{d610eefb-215b-11e1-9af9-ddbab9af092a}.TMContainer00000000000000000002.regtrans-ms
[2011/12/03 15:14:07 | 000,065,536 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{ec394adb-1dfb-11e1-b401-a704088bea22}.TM.blf
[2011/12/03 15:14:07 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{ec394adb-1dfb-11e1-b401-a704088bea22}.TMContainer00000000000000000001.regtrans-ms
[2011/12/03 15:14:07 | 000,524,288 | -HS- | M] () -- C:\Users\Lupita\ntuser.dat{ec394adb-1dfb-11e1-b401-a704088bea22}.TMContainer00000000000000000002.regtrans-ms
[2010/07/24 07:41:03 | 000,000,020 | -HS- | M] () -- C:\Users\Lupita\ntuser.ini
[2011/03/10 21:39:47 | 000,000,027 | ---- | M] () -- C:\Users\Lupita\readme.txt

< %USERPROFILE%\AppData\Local\*.* >
[2010/07/24 07:48:59 | 000,000,000 | ---- | M] () -- C:\Users\Lupita\AppData\Local\AtStart.txt
[2010/07/24 07:48:59 | 000,000,000 | ---- | M] () -- C:\Users\Lupita\AppData\Local\DSwitch.txt
[2011/09/10 09:28:03 | 000,115,920 | ---- | M] () -- C:\Users\Lupita\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/05/14 16:37:37 | 001,374,713 | -H-- | M] () -- C:\Users\Lupita\AppData\Local\IconCache.db
[2010/07/31 21:55:15 | 000,000,600 | ---- | M] () -- C:\Users\Lupita\AppData\Local\PUTTY.RND
[2010/07/24 07:48:59 | 000,000,000 | ---- | M] () -- C:\Users\Lupita\AppData\Local\QSwitch.txt
[2010/10/20 21:01:18 | 000,161,935 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp018.0
[2010/10/20 21:01:19 | 000,100,776 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp018.1
[2010/10/20 21:01:20 | 000,101,257 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp018.2
[2010/10/20 21:01:21 | 000,102,917 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp018.JPG
[2010/09/14 21:59:28 | 000,422,828 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp020.0
[2010/09/14 21:59:29 | 000,164,706 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp020.JPG
[2010/12/28 22:13:57 | 000,213,927 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp2.0
[2010/12/28 22:13:58 | 000,091,305 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp2.JPG
[2010/10/13 16:34:09 | 000,007,570 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmp69811_148683761841147_100000985727366_244168_6447676_S[1].JPG
[2011/01/30 00:13:57 | 002,582,304 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpDAD&ME (2).0
[2011/01/30 00:13:58 | 000,938,305 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpDAD&ME (2).JPG
[2010/10/27 19:35:42 | 002,249,918 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0543.0
[2010/10/27 19:35:43 | 000,817,931 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0543.JPG
[2011/06/19 21:07:05 | 003,196,516 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0814.JPG
[2011/06/19 21:07:06 | 000,018,037 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0814_navi.JPG
[2011/07/04 21:04:38 | 002,530,995 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpGEDC0818.JPG
[2010/08/28 21:39:48 | 000,008,194 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpIMAGES.JPG
[2010/11/08 20:10:35 | 000,034,144 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpME N BRYAN!.0
[2010/11/08 20:10:35 | 000,010,658 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpME N BRYAN!.JPG
[2010/12/26 22:07:10 | 002,480,729 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpME,ERVIN,MELLI,CAMILA,YESSI,GABRIEL&JONATHAN (2).JPG
[2011/04/03 21:54:19 | 000,050,257 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpSNAPSHOT_20110217_6.0
[2011/04/03 21:54:20 | 000,040,689 | ---- | M] () -- C:\Users\Lupita\AppData\Local\tmpSNAPSHOT_20110217_6.JPG
[2011/02/17 22:59:23 | 000,000,150 | ---- | M] () -- C:\Users\Lupita\AppData\Local\xobni_installer_updater.log

< %USERPROFILE%\AppData\Roaming\*.* >

< %ProgramData%\*.* >
[2011/12/21 22:14:09 | 000,000,192 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2011/08/10 13:19:20 | 000,001,549 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/05/14 16:16:29 | 000,005,120 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT.LOG1
[2011/08/23 19:34:36 | 000,000,000 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT.LOG2
[2011/08/23 19:34:37 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{81d63f0a-cdf8-11e0-9021-705ab69bbbaf}.TM.blf
[2011/08/23 19:34:37 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{81d63f0a-cdf8-11e0-9021-705ab69bbbaf}.TMContainer00000000000000000001.regtrans-ms
[2011/08/23 19:34:37 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{81d63f0a-cdf8-11e0-9021-705ab69bbbaf}.TMContainer00000000000000000002.regtrans-ms
[2011/08/23 19:34:37 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{81d63f0e-cdf8-11e0-9021-705ab69bbbaf}.TM.blf
[2011/08/23 19:34:37 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{81d63f0e-cdf8-11e0-9021-705ab69bbbaf}.TMContainer00000000000000000001.regtrans-ms
[2011/08/23 19:34:37 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{81d63f0e-cdf8-11e0-9021-705ab69bbbaf}.TMContainer00000000000000000002.regtrans-ms
[2010/03/24 20:22:19 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/11/05 19:41:29 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/03/24 20:21:51 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/11/05 19:37:42 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/03/24 20:21:17 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/24 20:22:08 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/11/05 19:36:28 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/11/05 19:40:52 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/03/24 20:22:26 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >
[2011/09/17 08:20:19 | 000,003,596 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb
[2012/05/14 13:22:37 | 000,003,496 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >
[2012/05/14 17:35:37 | 000,110,248 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log
[2011/09/17 08:20:22 | 000,003,596 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb
[2012/05/14 13:22:37 | 000,003,496 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb

< %windir%\temp\*.* >
[2012/05/14 16:42:22 | 000,001,163 | ---- | M] () -- C:\Windows\temp\HPSLPSVC0000.log
[2012/05/14 17:35:37 | 000,000,882 | ---- | M] () -- C:\Windows\temp\MpCmdRun.log

< %windir%\system32\*. >
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2009/11/05 19:03:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Adobe
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/13 19:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/13 19:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2012/01/01 00:45:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2012/05/13 03:15:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2012/05/13 03:14:58 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2012/05/14 16:32:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2012/05/13 03:15:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/13 19:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2011/06/30 19:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/13 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2010/03/24 20:30:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2012/05/14 13:19:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2012/05/13 03:14:58 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2012/01/01 00:45:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/13 19:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2012/01/01 00:45:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/13 20:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2010/07/26 17:54:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2012/05/13 03:14:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2009/07/13 20:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2009/07/13 20:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2009/07/13 20:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

< %windir%\sysnative\*. >
[2012/01/01 00:46:07 | 000,000,000 | -HSD | M] -- C:\Windows\sysnative\%APPDATA%
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2012/05/13 03:14:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2012/05/13 20:35:07 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2012/05/13 20:35:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2009/09/06 18:11:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2012/05/14 17:56:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2012/05/13 03:14:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2009/07/13 20:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2012/05/13 03:14:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2012/05/14 16:47:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2012/05/13 03:19:07 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2010/03/24 20:00:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2012/05/13 03:14:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2012/01/01 00:45:12 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\EventProviders
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2009/07/13 22:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/13 19:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/13 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/13 19:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2012/02/03 20:58:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2012/01/01 00:45:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2009/07/13 21:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2012/05/14 13:19:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2012/01/01 00:45:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2012/01/05 19:01:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2012/01/01 00:45:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2012/05/13 03:14:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2010/07/24 07:41:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2010/07/24 07:42:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2009/07/13 20:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/13 20:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2009/07/13 21:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/13 20:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2012/05/13 02:55:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SPReview
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2010/03/24 20:05:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SRSLabs
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2010/03/24 20:41:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2012/05/12 23:28:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2010/07/26 17:54:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2012/05/13 03:14:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2009/07/13 22:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2012/05/14 16:21:43 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2012/01/01 00:46:24 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/13 20:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2009/07/13 22:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2009/07/13 20:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< %systemroot%\system32\DBBK\*.* /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\syswow64\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /90 >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >
[2011/10/15 20:43:08 | 000,002,144 | -HS- | M] () MD5=78601024C6BFED680BBFAA78372572D7 -- C:\Windows\assembly\tmp\click.tlb
[2012/05/14 13:22:41 | 000,002,632 | -HS- | M] () MD5=F16C94B6CB9A03A663617DBACC906C04 -- C:\Windows\assembly\tmp\loader.tlb
[2011/07/20 21:55:14 | 000,002,048 | ---- | M] () MD5=9D3F2DC5732109C0D8EB77EF1652F67A -- C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2010/11/04 18:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2010/11/04 18:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2010/11/19 21:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2012/02/10 16:31:41 | 000,372,736 | ---- | M] () MD5=A151947AD131A883870A6174CACF423B -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2009/06/10 14:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2011/12/25 13:42:15 | 005,255,168 | ---- | M] () MD5=7D2B8E2CE3EF2DC633689F1E1F4A7504 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >
[2010/03/24 19:59:55 | 000,028,672 | ---- | M] () MD5=41104020F0116D168CCF954C43033BEA -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,114,688 | ---- | M] () MD5=5F913E63078EF2F42C827D8501D51037 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3503.38459__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,049,152 | ---- | M] () MD5=A5D9CEC9F37BD7BD89683EF51F2FA0A7 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,028,672 | ---- | M] () MD5=FEEA0DE9B9DB6FC5C2B94A3987CD749A -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,118,784 | ---- | M] () MD5=CFD51FD3540D2ACF6CA1D73E36A71ED4 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,045,056 | ---- | M] () MD5=23250D4BAAC76DC2A1278DE4C5267A76 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,028,672 | ---- | M] () MD5=C432FC2A9580CB730AE3B5A26543BD73 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.39121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,102,400 | ---- | M] () MD5=CC73E152CC04CB53D78CC2D745BD0EDB -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3503.38466__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,019,968 | ---- | M] () MD5=83FC151B3A83A479140BF5E3A6D6F80D -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3503.38467__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,024,576 | ---- | M] () MD5=FBFAB280BF7576C8FC708ABB10AF7674 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3496.39126__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,331,776 | ---- | M] () MD5=49D0C27AE1B48D95798633927F0CA4EA -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,061,440 | ---- | M] () MD5=C371EE769CDC57FB9AE7BFE399452AFC -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,053,248 | ---- | M] () MD5=73DF5583702D134BA95BEB5DE0254C00 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,094,208 | ---- | M] () MD5=F45CD2531BC6C24B1677331F4BF59039 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
[2010/03/24 19:59:56 | 000,241,664 | ---- | M] () MD5=61E5D0584A08D2056BC4CA8631A34BBC -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3503.38399__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,032,768 | ---- | M] () MD5=22FE3710728CF96ACE105576FC71F0D5 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3503.38399__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,024,576 | ---- | M] () MD5=05D89E9D0027D7A49F6506C76994BE13 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
[2010/03/24 19:59:55 | 000,040,960 | ---- | M] () MD5=C9791860892C5F7501A9F2F9F367F447 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,491,520 | ---- | M] () MD5=71D86FC692E5BF794C95F2C4BFA052F4 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
[2010/03/24 19:59:56 | 000,139,264 | ---- | M] () MD5=C386220011284C8BE9C459F44D695BBA -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,032,768 | ---- | M] () MD5=C97679FE028E79D1D763E2DC8240126F -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,024,576 | ---- | M] () MD5=A520644179FC7EE2B8820D57EC0DC0B5 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,061,440 | ---- | M] () MD5=26A9F66ED8C223FF1B4AA6FEDB0E9FB0 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,028,672 | ---- | M] () MD5=B060F0167968E223E8A2C2B90B77029E -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,020,480 | ---- | M] () MD5=E905A27F2EEA80A30A1E382E657941F8 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
[2010/03/24 19:59:56 | 000,045,056 | ---- | M] () MD5=5C91867495CC9DA3D9113493906274FB -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,086,016 | ---- | M] () MD5=0C98669D9F4DC592750910126DFFBDF8 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3503.38472__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
[2010/03/24 19:59:56 | 000,032,768 | ---- | M] () MD5=71A9CA7A525E191FCFF7F5EE2E2FC2C3 -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3503.38472__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,020,480 | ---- | M] () MD5=64534930AAEB1DDF43591A11DC4C43BF -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3496.39120__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=AFB195B0F426FA2A7A229DD06581E5E8 -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
[2010/03/24 19:59:56 | 000,073,728 | ---- | M] () MD5=85B087AFD9DDA9035D1FB2F3337449D8 -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=FC0CFCBBEB1C841F11D00E5125DA8DB5 -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
[2010/03/24 19:59:57 | 000,339,968 | ---- | M] () MD5=2897E7DE166C273E4181A3110918D641 -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
[2010/03/24 19:59:55 | 000,098,304 | ---- | M] () MD5=6E912978071B7E670E9EBAB9B5289E0A -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=172A26CCC6140EFD7451CAC33867D7CE -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
[2010/03/24 19:59:57 | 000,040,960 | ---- | M] () MD5=D388532D5ED178C55695366F11A577FF -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
[2010/03/24 19:59:54 | 000,024,576 | ---- | M] () MD5=59977D5DEF9FB9D9532C3D9DE414C91B -- C:\Windows\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3503.38439__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
[2010/03/24 19:59:54 | 000,040,960 | ---- | M] () MD5=64CBC6DF9C9B10493DE56DD4DA378F8B -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
[2010/03/24 19:59:55 | 000,020,480 | ---- | M] () MD5=84CD79E74F7F2C96B4C1472076653975 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
[2010/03/24 19:59:54 | 000,065,536 | ---- | M] () MD5=0F05069F658A38DC3E959EDBCEEE7A6D -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3503.38404__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
[2010/03/24 19:59:54 | 000,155,648 | ---- | M] () MD5=BFFBBAA579E7ADC89D7905722DAA22F2 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3503.38404__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
[2010/03/24 19:59:54 | 000,065,536 | ---- | M] () MD5=5DB848B6F41CCE91D1679FFD7D7FAC3B -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3503.38405__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
[2010/03/24 19:59:54 | 000,147,456 | ---- | M] () MD5=F401C076834E334F250361DEBDEE676C -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3503.38405__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=AC09546CEB2DB8ACC865DF62E71FCE2D -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
[2010/03/24 19:59:55 | 000,024,576 | ---- | M] () MD5=ACD134498F7222276A08FDA90BAE50FF -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
[2010/03/24 19:59:54 | 001,212,416 | ---- | M] () MD5=C954B2EA0999DF8F358048DA6E228B35 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.DLL
[2010/03/24 19:59:54 | 001,032,192 | ---- | M] () MD5=861224BA6AA30A803A6232669CD08F40 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3503.38435__90ba9c70f846762e\CLI.Component.Eeu.DLL
[2010/03/24 19:59:54 | 000,061,440 | ---- | M] () MD5=F60BF5F219B4AA8A5C8E35FCEDAD5AA3 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3503.38400__90ba9c70f846762e\CLI.Component.Erecord.DLL
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=75055FFCB7082BCC5D03BE8D0C7F7E49 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Help\2.0.3503.38450__90ba9c70f846762e\CLI.Component.Help.DLL
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=719640D586C0D5B217BCB0025E3FE619 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3503.38391__90ba9c70f846762e\CLI.Component.Icomponent.DLL
[2010/03/24 19:59:54 | 000,278,528 | ---- | M] () MD5=6053F16CD7BB58E8A07C068281EF5998 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3503.38467__90ba9c70f846762e\CLI.Component.Launchpad.DLL
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=BCAFB7CEB60D1AE452B5DA46AAE1B5DE -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Load\2.0.3503.38451__90ba9c70f846762e\CLI.Component.Load.DLL
[2010/03/24 19:59:56 | 000,081,920 | ---- | M] () MD5=AAE33645A4C8887424A3CDFD26AE0280 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3503.38476__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
[2010/03/24 19:59:54 | 000,007,168 | ---- | M] () MD5=BD3A2642C74FCBC7CC7B800789EE089C -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
[2010/03/24 19:59:54 | 000,045,056 | ---- | M] () MD5=33C13598FDF6657ABC7362045626485A -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=F452B1D2CE58032408D789C95A6B4C89 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
[2010/03/24 19:59:54 | 000,057,344 | ---- | M] () MD5=35032F741BB4C9524DA1ED8D41FAB4BB -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.DLL
[2010/03/24 19:59:54 | 000,057,344 | ---- | M] () MD5=12F3634A4290CD20AAB560E3C93BC5BB -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
[2010/03/24 19:59:54 | 000,552,960 | ---- | M] () MD5=158D86B20972D746C2D7D335CF6A6CF8 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.DLL
[2010/03/24 19:59:54 | 000,024,576 | ---- | M] () MD5=72A872466C1AA3098F6921FC67FE6DB2 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
[2010/03/24 19:59:55 | 000,020,480 | ---- | M] () MD5=9C46DC0454B10F4B248A22086EB6A9E6 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
[2010/03/24 19:59:54 | 000,405,504 | ---- | M] () MD5=3B26370157D72BC3A0BBC38950A47116 -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.DLL
[2010/03/24 19:59:54 | 000,040,960 | ---- | M] () MD5=BCC2A489A81A58F8E954F314B0944876 -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.DLL
[2010/03/24 19:59:55 | 000,028,672 | ---- | M] () MD5=A0F90172F97BEDF05B0F170302F45C3F -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
[2010/03/24 19:59:55 | 000,094,208 | ---- | M] () MD5=EC8115A7CBDB2D4B9FDD827268E5840D -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.DLL
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=16FE70750F530B8063D6EE6CD0EEDC72 -- C:\Windows\assembly\GAC_MSIL\CLI.Implementation\2.0.3503.38368__90ba9c70f846762e\CLI.Implementation.DLL
[2010/03/24 19:59:55 | 000,065,536 | ---- | M] () MD5=944F2877D1730CAB527F5E2CBA68B28E -- C:\Windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
[2010/11/04 18:52:35 | 000,165,720 | ---- | M] () MD5=501E961FEEBBDE040FB836CB5DE122C2 -- C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
[2009/06/10 14:22:50 | 000,013,312 | ---- | M] () MD5=AAD128271C76C6596E69CFA81D765C2C -- C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=110D2A7BBFBA80AAE36B5F229FE800AD -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
[2010/03/24 19:59:55 | 000,045,056 | ---- | M] () MD5=CCE69BC85D019F49691C592DDCC2FA97 -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=3DBC47609EB7C5F765AF5298471A25D1 -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
[2010/03/24 19:59:55 | 000,020,480 | ---- | M] () MD5=0DEAB952A0A36ABCB6270FE45D3CACE1 -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=2E7FAB502A8615B1AAB0EAB35AFBCA3B -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=781D48F4CF23032D039A8406D31AAF90 -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.DLL
[2010/03/24 19:59:55 | 000,020,480 | ---- | M] () MD5=C5414513E25D8F487B58AD5D46EB66C5 -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3337.29328__90ba9c70f846762e\DEM.OS.I0602.DLL
[2010/03/24 19:59:55 | 000,016,384 | ---- | M] () MD5=AC65FB8CF6D49BDD5EECAC2CA637FAD1 -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3337.29364__90ba9c70f846762e\DEM.OS.DLL
[2009/06/10 14:22:50 | 000,005,120 | ---- | M] () MD5=BA86FDE9C3B5BD2FF5EA7A99BF648E82 -- C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
[2010/11/20 05:32:20 | 000,094,208 | ---- | M] () MD5=3AC3967EB34A432332FF4E2D971397E8 -- C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll
[2010/11/20 05:32:20 | 000,143,360 | ---- | M] () MD5=7F404ED2BAD3365F1A6452DBE40024FD -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe
[2009/07/13 14:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe.config
[2009/07/13 18:46:13 | 000,015,872 | ---- | M] () MD5=CC471B699BEF83A45837119601B70B78 -- C:\Windows\assembly\GAC_MSIL\ehiActivScp\6.1.0.0__31bf3856ad364e35\ehiActivScp.dll
[2009/07/13 18:46:13 | 000,011,776 | ---- | M] () MD5=357EB8AECD2A0F8BD6DB22485DDDE5B9 -- C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ehiBmlDataCarousel.dll
[2009/07/13 18:20:15 | 000,077,824 | ---- | M] () MD5=598383C42098DF7D0FFD61F459B6CBAF -- C:\Windows\assembly\GAC_MSIL\ehiExtens\6.1.0.0__31bf3856ad364e35\ehiExtens.dll
[2009/07/13 18:46:06 | 000,040,960 | ---- | M] () MD5=7CDDCF15C57641475340FEDEE86D69DE -- C:\Windows\assembly\GAC_MSIL\ehiiTV\6.1.0.0__31bf3856ad364e35\ehiiTV.dll
[2010/11/20 05:32:20 | 000,172,032 | ---- | M] () MD5=3B813FB741DF5CD45EB4EA36AE0F83B3 -- C:\Windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll
[2009/07/13 18:46:06 | 000,086,016 | ---- | M] () MD5=712FF5DB0DAC5697ABCA9AC6472EAC8B -- C:\Windows\assembly\GAC_MSIL\ehiTVMSMusic\6.1.0.0__31bf3856ad364e35\ehiTVMSMusic.dll
[2009/07/13 18:46:06 | 000,006,144 | ---- | M] () MD5=7F93BA47D13A831EBC7AE6EA6B7C7EFF -- C:\Windows\assembly\GAC_MSIL\ehiUPnP\6.1.0.0__31bf3856ad364e35\ehiUPnP.dll
[2009/07/13 18:20:38 | 000,032,768 | ---- | M] () MD5=62F20E48B43B44D9C6E9B4CF08FB120D -- C:\Windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ehiUserXp.dll
[2009/07/13 18:20:51 | 000,335,872 | ---- | M] () MD5=DB2189BF0B4D192F70605F50EC30037B -- C:\Windows\assembly\GAC_MSIL\ehiVidCtl\6.1.0.0__31bf3856ad364e35\ehiVidCtl.dll
[2009/07/13 18:21:00 | 000,143,360 | ---- | M] () MD5=391EF4FF1EF376B4408C0DEFE2041DBF -- C:\Windows\assembly\GAC_MSIL\ehiwmp\6.1.0.0__31bf3856ad364e35\ehiwmp.dll
[2009/07/13 18:22:59 | 000,086,016 | ---- | M] () MD5=82A5798BD1A2FE8678A51CC9CE493F7F -- C:\Windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ehiWUapi.dll
[2010/11/20 05:32:21 | 000,196,608 | ---- | M] () MD5=641443B48D34539ED0F58C1FC3A379F0 -- C:\Windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
[2010/11/20 05:32:21 | 006,307,840 | ---- | M] () MD5=89AFF2261ECF21647B126E596675E302 -- C:\Windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
[2010/11/20 05:19:48 | 000,008,192 | ---- | M] () MD5=D7081D68005C975549685E8BF129794E -- C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_en_31bf3856ad364e35\EventViewer.resources.dll
[2010/11/20 05:32:20 | 000,368,640 | ---- | M] () MD5=F046EB4BBFC631D178C6DF20819C1DE5 -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.1.0.0__31bf3856ad364e35\EventViewer.dll
[2011/06/19 20:53:12 | 000,123,448 | ---- | M] () MD5=2F1673B92307A18CDE13096F2233F636 -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
[2011/06/19 20:53:12 | 000,012,856 | ---- | M] () MD5=023D45DDF9652081AF145023529C5D2C -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant\5.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
[2011/06/19 20:53:13 | 000,869,888 | ---- | M] () MD5=33702AEF2D60305FDAA54ABE05DA4F6D -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
[2010/03/24 20:20:31 | 000,055,864 | ---- | M] () MD5=9A4E41F7D44BE0235CDABC8DF6797387 -- C:\Windows\assembly\GAC_MSIL\HP.TouchSmart.InfoviewWindow\1.2.0.0__436e80ff5a6fd94d\HP.TouchSmart.InfoviewWindow.dll
[2011/06/19 20:53:33 | 000,092,728 | ---- | M] () MD5=E5D813BD469AADDB564F46209F93A7D6 -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
[2009/06/10 14:22:54 | 000,008,192 | ---- | M] () MD5=96D9E7E468D537443DE037A7E15CB804 -- C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
[2009/06/10 14:22:55 | 000,077,824 | ---- | M] () MD5=AF29AA7F2F613951A9E913B4290B2ECE -- C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
[2009/06/10 14:22:55 | 000,006,656 | ---- | M] () MD5=D051642D0ED61E2886FD8917E8B6FAFD -- C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
[2010/03/24 19:59:55 | 000,131,072 | ---- | M] () MD5=5D29E862E0FA0E75B48D7AA17B054D58 -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
[2009/07/13 18:50:20 | 000,106,496 | ---- | M] () MD5=F76D606A61706863C800159442F3E9DA -- C:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe
[2010/03/24 19:59:54 | 000,020,480 | ---- | M] () MD5=F46414681DBA7512F62CF72F6156051F -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
[2010/03/24 19:59:54 | 000,065,536 | ---- | M] () MD5=608090E5E7E54EC80151EA9AB1741E50 -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
[2010/03/24 19:59:54 | 000,036,864 | ---- | M] () MD5=03C407121D50B92456B3FEC09DABEDD9 -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.DLL
[2010/03/24 19:59:55 | 000,032,768 | ---- | M] () MD5=2512545CE18EC436A8E56418410BC629 -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.DLL
[2010/03/24 19:59:54 | 000,086,016 | ---- | M] () MD5=B6DEF916A44AA2E7B01FA5EDEE336F4B -- C:\Windows\assembly\GAC_MSIL\LOG\2.0.3503.38451__90ba9c70f846762e\LOG.EXE
[2010/11/20 06:44:11 | 000,741,376 | ---- | M] () MD5=F3A7B22F00F8E2F9383338BF4FF4F786 -- C:\Windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
[2009/07/13 18:47:33 | 000,053,248 | ---- | M] () MD5=49F7D995FB172163A378CFAD66296694 -- C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\MCESidebarCtrl.dll
[2009/07/13 18:47:44 | 000,118,784 | ---- | M] () MD5=32169C979FCC2937779F1299C26FFE0A -- C:\Windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\mcglidhostobj.dll
[2010/11/20 06:44:11 | 000,207,872 | ---- | M] () MD5=C97FCB65C600CBE7A78C409DC10736FE -- C:\Windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
[2010/11/20 05:32:22 | 000,638,976 | ---- | M] () MD5=F338EC894AA0CE005156B4AB2FF77CCC -- C:\Windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
[2010/11/20 06:16:44 | 000,007,168 | ---- | M] () MD5=EE0FEDAA1ECF70EC7C201BC6FB7D256A -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
[2009/07/13 18:46:31 | 000,057,344 | ---- | M] () MD5=6F07957980012E2C639A1469CC82BE68 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
[2009/06/10 14:14:36 | 000,106,496 | ---- | M] () MD5=550E75434C424A17A1E06669D8335C26 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
[2010/07/24 09:09:28 | 000,106,496 | ---- | M] () MD5=4F1E7D370C91BB2325FE15861D5291B2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.dll
[2010/11/04 18:57:44 | 000,348,160 | ---- | M] () MD5=24FDCD95121E59D39DCB1585EC8C5901 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 18:53:30 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 18:57:44 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2009/06/10 14:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2010/11/04 18:53:36 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
[2010/11/04 18:57:45 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
[2010/11/04 18:53:30 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
[2010/11/04 18:57:45 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
[2009/07/13 19:33:04 | 000,036,864 | ---- | M] () MD5=00BAFAF60E0E5EFCB34BF360FF65FA0F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll
[2009/06/10 14:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
[2009/07/13 19:13:00 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
[2009/07/13 18:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
[2009/07/13 18:52:03 | 001,159,168 | ---- | M] () MD5=4184F48A2A7F0E8349BFC82734313D73 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll
[2009/07/13 18:51:58 | 000,024,576 | ---- | M] () MD5=675B4FDF8010FB917CC3810D4CBF7F7D -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll
[2009/07/13 18:51:44 | 000,086,016 | ---- | M] () MD5=CA7C89AEAC56920195226101750DBCD9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll
[2009/07/13 18:52:21 | 000,045,056 | ---- | M] () MD5=7BCAA93888177CF3C58EA93EFB648E54 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll
[2010/11/04 18:53:46 | 000,540,672 | ---- | M] () MD5=32FF0E945F51F5147A8304026B5C19EA -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
[2010/11/04 18:52:45 | 000,507,904 | ---- | M] () MD5=CC3B424ED10A8E477B5D466188531F26 -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
[2010/11/04 18:53:34 | 000,139,264 | ---- | M] () MD5=EF6CEBC989FBDAEEB83E5662F1499FC0 -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
[2010/11/04 18:58:14 | 002,048,000 | ---- | M] () MD5=5B3FA17E1CD6FBBDF41AC34DAEECC256 -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
[2012/01/03 19:51:03 | 003,190,784 | ---- | M] () MD5=5259AD96BE93F3DC9B649759DAC05B7A -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
[2009/07/13 19:12:46 | 000,007,168 | ---- | M] () MD5=ABBF43F681EF160CAAB7C41BC289DA06 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll
[2010/11/20 05:36:00 | 000,167,936 | ---- | M] () MD5=1D264989FFABEF36745304F5DD216DC7 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.1.0.0__31bf3856ad364e35\TaskScheduler.dll
[2009/06/10 14:14:45 | 000,172,032 | ---- | M] () MD5=3F47DB8D603A84FBF1154901AAC177CD -- C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
[2009/06/10 14:14:46 | 000,380,928 | ---- | M] () MD5=32D7B8CC805D2DA70D01DA89982DCE1D -- C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
[2009/06/10 14:14:46 | 000,040,960 | ---- | M] () MD5=0D2A84FF4383B4F41EDA8B4DE2D45D6C -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
[2009/06/10 14:14:46 | 000,098,304 | ---- | M] () MD5=62DF8C1D169752DF885E44D21309F7E6 -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
[2010/07/24 09:09:23 | 000,013,024 | ---- | M] () MD5=8388E76E9B756543BA0457B7145EED0F -- C:\Windows\assembly\GAC_MSIL\VSTADTEProvider.Interop\8.0.0.0__b03f5f7f11d50a3a\VSTADTEProvider.Interop.dll
[2012/02/10 16:31:42 | 001,253,376 | ---- | M] () MD5=9F668404AB36B97B0FF5C4B140A1F1FE -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
[2009/06/10 14:14:47 | 000,094,208 | ---- | M] () MD5=D9673C241B14E5526A81B3ABAD3FD3BA -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
[2010/11/04 18:52:42 | 000,149,328 | ---- | M] () MD5=8AB248DD85018CC3232D2F20E45A30E7 -- C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath /s >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: LUPITA-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       DVD-ROM         0 B  No Media
  Volume 1         SYSTEM       NTFS   Partition    199 MB  Healthy    System
  Volume 2     C                NTFS   Partition    282 GB  Healthy    Boot
  Volume 3     D   RECOVERY     NTFS   Partition     15 GB  Healthy
  Volume 4     E   HP_TOOLS     FAT32  Partition    103 MB  Healthy
  Volume 5     G   PATRIOT      FAT32  Removable   7636 MB  Healthy

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\system64\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CONSRV.DLL >
[2009/07/13 18:39:37 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=F75AA2E7050AB2ED448A2D4250781B27 -- C:\FRST\Quarantine\consrv.dll

< MD5 for: CSC.SYS >
[2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) MD5=4A6173C2279B498CD8F57CAE504564CB -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_fa3d3a8e759850bd\csc.sys
[2010/11/20 02:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys

< MD5 for: DFSC.SYS >
[2009/07/13 16:23:44 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=3F1DC527070ACB87E40AFE46EF6DA749 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_e38f1f84ffcceb85\dfsc.sys
[2011/04/26 19:45:11 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=59E1C75E5DDBB70BF5A9C6A34D31B4AC -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_e43734fe18d3f691\dfsc.sys
[2010/11/20 02:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
[2010/11/20 02:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\system64\drivers\dfsc.sys
[2010/11/20 02:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
[2011/04/26 19:57:40 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9C253CE7311CA60FC11C774692A13208 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_e3e4a818ff8ce469\dfsc.sys

< MD5 for: DISK.SYS >
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\system64\drivers\disk.sys
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\system64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EXPLORER.EXE >
[2010/03/24 19:53:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/24 19:53:08 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/24 19:53:08 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/24 19:53:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: I8042PRT.SYS >
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\system64\drivers\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\system64\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\system64\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: LSASS.EXE >
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/13 18:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/16 23:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011/11/17 00:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\ERDNT\cache64\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\SysNative\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\system64\lsass.exe
[2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/16 23:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe

< MD5 for: NETBT.SYS >
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\system64\drivers\netbt.sys
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: SERIAL.SYS >
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\system64\drivers\serial.sys
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\system64\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 06:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/13 23:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 03:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2010/04/09 04:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/13 23:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2010/04/09 00:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\system64\drivers\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\system64\drivers\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#12 kistos

Posted 15 May 2012 - 01:28 AM

OTL Extras logfile created on: 5/14/2012 6:29:05 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Lupita\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 68.07% Memory free
7.49 Gb Paging File | 6.30 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.51 Gb Total Space | 231.29 Gb Free Space | 81.87% Space Free | Partition Type: NTFS
Drive D: | 15.28 Gb Total Space | 2.51 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.22 Mb Free Space | 95.85% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 1.94 Gb Free Space | 26.08% Space Free | Partition Type: FAT32

Computer Name: LUPITA-PC | User Name: Lupita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 0
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25B1A6E1-1EAD-4289-8EF6-FFD3900773E3}" = lport=138 | protocol=17 | dir=in | app=system |
"{3302FBD2-64E7-4A40-AA3F-60CD5F51B1E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{4A2B2B5F-E5B5-481D-BB4F-743ADA413A1D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{64DB5CD0-3248-4EC6-BD80-D24CB83CD65E}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CEFF54A-8F90-45B4-A0EC-0BB7F7FB1084}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E56F401-BA91-4DBA-B316-1AD2C007A3E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81BE8880-78E8-4BA8-951B-E9DCD20272DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DC05C34-C31A-4212-98B4-F76700311298}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E0ECA3C-CA76-4327-8CEB-08D5AB318025}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F7349DA-5781-454D-8108-67CCBC0A4FA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{948C600F-B509-4CA2-AE69-F8C86CB49701}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ACB30BFE-AFCB-4C99-A62C-1A9B8557F62D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ED23CB2E-195F-4CDE-8840-51BCAE10E7F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F3448E33-285D-40B2-981E-F77387284E76}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6C1ADA2-BC11-4E8B-BEF9-02AE8C94FFAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAF3391D-935D-42E2-B63E-947DACA0B3CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{FB37415D-F729-41D3-BDE6-5D817AD9C0AC}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E7ACB21-0537-47C4-BC3D-A2D57E528DE3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{16E43AF7-376D-40FB-810B-8F3E03B8E175}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{1DB1892A-21D5-4C28-BC49-23F230A743B8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{21C95073-EFB8-4621-95B5-8422DB90B2BF}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe |
"{242E7992-BBE4-4FD2-8BB4-B930C8E116D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{299DCC3F-E1E1-46CF-A2B4-CEC8BF90A1EC}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{2F3627F5-F6A7-4A81-8F17-53C774E67424}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{308F3248-03AF-4936-A4FC-1D1045311622}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{39D62F27-003C-4E67-8A83-5B2C6FD587DE}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3B40FA6F-E651-4DA8-AEEE-35DC4AF686B1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe |
"{3B836994-D063-458A-A5AB-447E91BA3BA1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3BDCB50E-A6E8-4FFB-A64A-EF56C062E9D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{46E982E9-6030-4758-A752-239CFCF8CD1C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48A135F2-7453-4078-B782-5D02FA618359}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{4F3C812B-959A-458D-87B7-CD1BFDDD57C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{5056EE86-CCE5-4A6E-89B6-B8337077D63C}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{520DE545-3D07-4196-86AE-CE22B31ED016}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{56862368-30AB-449E-B1C6-04698F7E308B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{591B1F92-19F9-4E93-AD49-28D7E7BC079D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{61CE5777-34C6-4F25-9B8C-1C478833C151}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6766075A-45F8-491E-A005-DE48142E3A9B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6B72D540-32BB-4606-9928-4ADBB638FA0D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6D0B6602-1072-4DCC-A464-EE91E9D8DF59}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{6E08093B-4AEA-4F8E-AA7B-AAA5043FC4A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |
"{6FF82FFA-215B-4341-8A4A-51C510198AB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{800EE5D6-C668-43B6-B1A5-AE0669573C8C}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{87945E37-27B2-400E-A566-F186527C72EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8E54F62F-A538-4670-B372-178E570174ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{95107965-2D74-4063-B73D-65A5C9517DA9}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{9A5E15CA-B0E8-4888-AAA7-059518A856CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CFBDD2B-8070-4314-91AC-42F4D6100D39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9E405C8A-FEFD-46E0-A964-1691B471D135}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{A0859FB1-0752-422E-B354-BBD30606B5E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A8439FAD-9D7F-4876-9E33-4063CFEB7309}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{B877963E-BAAF-4917-97E0-3D14D4EC1E26}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BA7B0863-67D4-47E0-9B48-A7A5902BC803}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{BFDDE613-1E48-4213-B724-E20253FC1F11}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C50852AD-FA1E-410F-AF62-142725977E2E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C948364C-BC1A-473A-84B7-ED39B29D9308}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe |
"{D2A4DB45-62BF-433C-ABCF-91E8E542195A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe |
"{D37A193B-78D4-4563-8917-08FD5624B252}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D7E6C706-7E21-4F6A-B751-042BB73A3179}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{DC345C04-37F4-436D-9966-D35C1FE18694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E549A938-1F1A-4F1B-A004-FE2D56F4043A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{EB160110-11FF-4B35-A5C1-6E46A7B98BB1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |
"{ECCD2317-3F15-44AA-8C30-BF2D0B649615}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{F9E26775-799A-4964-A2FD-8E3EA528DCC7}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"TCP Query User{036A694E-975B-4559-B395-01939B2A2EEE}C:\program files (x86)\limewire plus+\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire plus+\limewire.exe |
"TCP Query User{1A88F08C-9CD8-475D-97DF-27406627863B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{ACCF9B73-CA2C-4FC9-A724-C0E03B0CC046}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{BE0E4FE6-95CD-4CF9-90A6-DAB25AB76125}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{E28DDC44-BF92-48DF-AFF9-2303C4ACF721}C:\users\lupita\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\lupita\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{FCA61A26-BE0D-43F6-89F0-F44B91A5A806}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{030A3CFB-9241-4D39-A6B1-71F0B50263CB}C:\program files (x86)\limewire plus+\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire plus+\limewire.exe |
"UDP Query User{60005C37-28DF-4434-8567-0873FB9F2AAB}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{8E414128-EBF6-4F3A-AFB1-452F52750432}C:\users\lupita\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\lupita\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{98408494-D641-445D-B96A-9F770B2529E0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{ABD87A6E-54A5-4E27-9FF0-2823B2A25723}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{EB078B99-3C5B-4AA3-AAB9-539C8986E16E}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{292095A0-0978-E164-E89D-A5A4D43E6E0A}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAD2A992-14E4-4B85-2882-FAB8A81495B3}" = ATI Catalyst Install Manager
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AT&T Wireless Connection Tool" = AT&T Wireless Connection Tool
"ATT-RC" = ATT-RC Self Support Tool
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A172790-D5B6-26A5-8547-90299D24217B}" = CCC Help Polish
"{0ADFE5AD-8554-EFF6-15D2-617DAD521BCA}" = CCC Help Thai
"{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1" = And Yet It Moves 1.2.0
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1924F478-7572-FEBD-2F81-58B844867A73}" = CCC Help Finnish
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288F40F3-62DB-869E-B94A-20363CD2E53F}" = CCC Help German
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{385F4954-2ECF-75CC-2503-30CD274C6B7C}" = Catalyst Control Center InstallProxy
"{3A4E0984-2369-38F3-B2B4-DAF64350E86D}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD3B705-467B-408D-A09D-5BF61A59F088}" = HP MediaSmart/TouchSmart Netflix
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{42E59E3C-546E-1478-9D69-FA3A5FA5BE03}" = CCC Help Swedish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45E5D641-3C82-4F95-92FB-AE5459DF2988}" = HP User Guides 0146
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1" = Crayon Physics Deluxe version 55
"{4F1E93EA-04F2-8CA2-1DCC-BB2DDBCD04C1}" = CCC Help Chinese Traditional
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{570463EB-8903-21EB-836F-4626ACE3B182}" = CCC Help Norwegian
"{599D8442-C766-0EA8-5916-12620B390B1F}" = CCC Help Italian
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{69E8D61E-958D-0520-EECF-0E7FCFA2199B}" = CCC Help Chinese Standard
"{6C46C04E-0C61-643F-82E0-E523E6D1B0B1}" = CCC Help Turkish
"{7104E5FC-0C37-81AE-D16E-131DB784A034}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775646F7-D78C-15FE-D8F5-BEF090ED46AD}" = CCC Help Spanish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8175C186-272C-5A77-9732-E6599E9D56AA}" = CCC Help Russian
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87CF1DC8-D378-432D-D2C0-D97154D07A91}" = CCC Help Czech
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AB5B56-1B17-FCCD-E7A9-23FB3394E218}" = ccc-core-static
"{90F8D8C3-41A1-A567-82A5-C07FB5687CEF}" = CCC Help Japanese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92550A5-E547-CCEE-BF18-0650BBA6ED9C}" = CCC Help Korean
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BBA2D424-04D8-DF59-9EC0-5D62D938A640}" = Catalyst Control Center Graphics Previews Vista
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE8F5661-E593-B6BF-5A29-18AD890E476F}" = CCC Help Hungarian
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB661E7C-9CA1-A0C9-5D49-9062C646B6C4}" = Catalyst Control Center Graphics Light
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E6BB8835-0E9F-A0F1-F397-79755C30B9D6}" = Catalyst Control Center Localization All
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EC831877-9222-CC80-7658-0FACF3DB2FA5}" = Catalyst Control Center Graphics Full New
"{ECC69DCE-F419-FE45-78E1-B852DDFFB51D}" = CCC Help Greek
"{ED627D6A-BC6C-A984-AC79-8AD7C375D493}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F264C55C-B48B-544C-5F01-E2DA9A24438C}" = Catalyst Control Center Graphics Previews Common
"{F65AD023-74BD-C648-A0E3-FA6B18249932}" = CCC Help Portuguese
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F830A576-A236-1EB6-3926-5905E9C839F0}" = Catalyst Control Center Graphics Full Existing
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD5E7DF2-BD3B-F1FF-743B-7C82D6F805A1}" = CCC Help French
"{FFDB79F5-F4FC-14D0-728C-8A9B539C9967}" = Catalyst Control Center Core Implementation
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATT-RC" = ATT-RC Self Support Tool
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Graboid Video" = Graboid Video 3.05
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"XfireXO Toolbar" = XfireXO Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

20:07:26.0113 3052 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:07:26.0144 3052 ============================================================
20:07:26.0144 3052 Current date / time: 2012/05/14 20:07:26.0144
20:07:26.0144 3052 SystemInfo:
20:07:26.0144 3052
20:07:26.0144 3052 OS Version: 6.1.7601 ServicePack: 1.0
20:07:26.0144 3052 Product type: Workstation
20:07:26.0144 3052 ComputerName: LUPITA-PC
20:07:26.0144 3052 UserName: Lupita
20:07:26.0144 3052 Windows directory: C:\Windows
20:07:26.0144 3052 System windows directory: C:\Windows
20:07:26.0144 3052 Running under WOW64
20:07:26.0144 3052 Processor architecture: Intel x64
20:07:26.0144 3052 Number of processors: 2
20:07:26.0144 3052 Page size: 0x1000
20:07:26.0144 3052 Boot type: Normal boot
20:07:26.0144 3052 ============================================================
20:07:27.0376 3052 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:27.0392 3052 Drive \Device\Harddisk1\DR3 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:07:27.0408 3052 ============================================================
20:07:27.0408 3052 \Device\Harddisk0\DR0:
20:07:27.0408 3052 MBR partitions:
20:07:27.0408 3052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:07:27.0408 3052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23505800
20:07:27.0408 3052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23569800, BlocksNum 0x1E91000
20:07:27.0408 3052 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
20:07:27.0408 3052 \Device\Harddisk1\DR3:
20:07:27.0408 3052 MBR partitions:
20:07:27.0408 3052 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEA080
20:07:27.0408 3052 ============================================================
20:07:27.0439 3052 C: <-> \Device\Harddisk0\DR0\Partition1
20:07:27.0486 3052 D: <-> \Device\Harddisk0\DR0\Partition2
20:07:27.0501 3052 E: <-> \Device\Harddisk0\DR0\Partition3
20:07:27.0501 3052 ============================================================
20:07:27.0501 3052 Initialize success
20:07:27.0501 3052 ============================================================
20:07:40.0246 3652 ============================================================
20:07:40.0246 3652 Scan started
20:07:40.0246 3652 Mode: Manual; SigCheck; TDLFS;
20:07:40.0246 3652 ============================================================
20:07:41.0151 3652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:07:41.0276 3652 1394ohci - ok
20:07:41.0338 3652 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
20:07:41.0401 3652 Accelerometer - ok
20:07:41.0479 3652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:07:41.0510 3652 ACPI - ok
20:07:41.0541 3652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:07:41.0588 3652 AcpiPmi - ok
20:07:41.0713 3652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:07:41.0775 3652 adp94xx - ok
20:07:41.0822 3652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:07:41.0869 3652 adpahci - ok
20:07:41.0900 3652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:07:41.0947 3652 adpu320 - ok
20:07:41.0994 3652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:07:42.0103 3652 AeLookupSvc - ok
20:07:42.0212 3652 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
20:07:42.0274 3652 AESTFilters - ok
20:07:42.0352 3652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:07:42.0415 3652 AFD - ok
20:07:42.0462 3652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:07:42.0493 3652 agp440 - ok
20:07:42.0540 3652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:07:42.0586 3652 ALG - ok
20:07:42.0618 3652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:07:42.0633 3652 aliide - ok
20:07:42.0696 3652 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe
20:07:42.0742 3652 AMD External Events Utility - ok
20:07:42.0774 3652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:07:42.0789 3652 amdide - ok
20:07:42.0836 3652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:07:42.0883 3652 AmdK8 - ok
20:07:42.0914 3652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:07:42.0976 3652 AmdPPM - ok
20:07:43.0008 3652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:07:43.0054 3652 amdsata - ok
20:07:43.0101 3652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:07:43.0132 3652 amdsbs - ok
20:07:43.0148 3652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:07:43.0179 3652 amdxata - ok
20:07:43.0210 3652 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
20:07:43.0257 3652 Andbus - ok
20:07:43.0304 3652 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
20:07:43.0335 3652 AndDiag - ok
20:07:43.0351 3652 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
20:07:43.0382 3652 AndGps - ok
20:07:43.0429 3652 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
20:07:43.0476 3652 ANDModem - ok
20:07:43.0554 3652 ApfiltrService (05f1a0a81a98cf27e3f028213fb6c36a) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:07:43.0616 3652 ApfiltrService - ok
20:07:43.0678 3652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:07:43.0788 3652 AppID - ok
20:07:43.0803 3652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:07:43.0912 3652 AppIDSvc - ok
20:07:43.0944 3652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:07:44.0053 3652 Appinfo - ok
20:07:44.0115 3652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:07:44.0146 3652 arc - ok
20:07:44.0162 3652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:07:44.0193 3652 arcsas - ok
20:07:44.0240 3652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:44.0334 3652 AsyncMac - ok
20:07:44.0365 3652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:07:44.0396 3652 atapi - ok
20:07:44.0583 3652 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
20:07:44.0661 3652 athr - ok
20:07:44.0833 3652 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
20:07:44.0880 3652 AtiHdmiService - ok
20:07:45.0519 3652 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
20:07:45.0769 3652 atikmdag - ok
20:07:45.0878 3652 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:07:45.0909 3652 AtiPcie - ok
20:07:46.0034 3652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:07:46.0159 3652 AudioEndpointBuilder - ok
20:07:46.0174 3652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:07:46.0268 3652 AudioSrv - ok
20:07:46.0362 3652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:07:46.0455 3652 AxInstSV - ok
20:07:46.0549 3652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:07:46.0611 3652 b06bdrv - ok
20:07:46.0689 3652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:07:46.0736 3652 b57nd60a - ok
20:07:46.0830 3652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:07:46.0892 3652 BDESVC - ok
20:07:46.0908 3652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:07:47.0001 3652 Beep - ok
20:07:47.0126 3652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:07:47.0235 3652 BFE - ok
20:07:47.0298 3652 BHDrvx64 - ok
20:07:47.0407 3652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:07:47.0516 3652 BITS - ok
20:07:47.0578 3652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:07:47.0625 3652 blbdrive - ok
20:07:47.0656 3652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:07:47.0688 3652 bowser - ok
20:07:47.0719 3652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:07:47.0766 3652 BrFiltLo - ok
20:07:47.0781 3652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:07:47.0812 3652 BrFiltUp - ok
20:07:47.0859 3652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:07:47.0953 3652 BridgeMP - ok
20:07:48.0000 3652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:07:48.0093 3652 Browser - ok
20:07:48.0140 3652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:07:48.0218 3652 Brserid - ok
20:07:48.0234 3652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:07:48.0281 3652 BrSerWdm - ok
20:07:48.0312 3652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:07:48.0359 3652 BrUsbMdm - ok
20:07:48.0374 3652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:07:48.0405 3652 BrUsbSer - ok
20:07:48.0437 3652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:07:48.0483 3652 BTHMODEM - ok
20:07:48.0546 3652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:07:48.0655 3652 bthserv - ok
20:07:48.0717 3652 catchme - ok
20:07:48.0842 3652 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
20:07:48.0905 3652 ccHP - ok
20:07:48.0967 3652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:07:49.0076 3652 cdfs - ok
20:07:49.0139 3652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:07:49.0185 3652 cdrom - ok
20:07:49.0232 3652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:07:49.0341 3652 CertPropSvc - ok
20:07:49.0388 3652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:07:49.0435 3652 circlass - ok
20:07:49.0482 3652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:07:49.0529 3652 CLFS - ok
20:07:49.0575 3652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:07:49.0607 3652 clr_optimization_v2.0.50727_32 - ok
20:07:49.0653 3652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:07:49.0700 3652 clr_optimization_v2.0.50727_64 - ok
20:07:49.0763 3652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:07:49.0794 3652 clr_optimization_v4.0.30319_32 - ok
20:07:49.0825 3652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:07:49.0841 3652 clr_optimization_v4.0.30319_64 - ok
20:07:49.0856 3652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:07:49.0903 3652 CmBatt - ok
20:07:49.0934 3652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:07:49.0965 3652 cmdide - ok
20:07:50.0028 3652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:07:50.0090 3652 CNG - ok
20:07:50.0184 3652 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:07:50.0215 3652 Com4QLBEx - ok
20:07:50.0246 3652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:07:50.0262 3652 Compbatt - ok
20:07:50.0324 3652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:07:50.0371 3652 CompositeBus - ok
20:07:50.0402 3652 COMSysApp - ok
20:07:50.0433 3652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:07:50.0465 3652 crcdisk - ok
20:07:50.0527 3652 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:07:50.0621 3652 CryptSvc - ok
20:07:50.0808 3652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:07:50.0917 3652 DcomLaunch - ok
20:07:50.0995 3652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:07:51.0104 3652 defragsvc - ok
20:07:51.0167 3652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:07:51.0260 3652 DfsC - ok
20:07:51.0307 3652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:07:51.0416 3652 Dhcp - ok
20:07:51.0447 3652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:07:51.0541 3652 discache - ok
20:07:51.0557 3652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:07:51.0588 3652 Disk - ok
20:07:51.0666 3652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:07:51.0713 3652 Dnscache - ok
20:07:51.0759 3652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:07:51.0869 3652 dot3svc - ok
20:07:51.0931 3652 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:07:51.0978 3652 Dot4 - ok
20:07:52.0025 3652 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
20:07:52.0071 3652 Dot4Print - ok
20:07:52.0087 3652 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:07:52.0134 3652 dot4usb - ok
20:07:52.0181 3652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:07:52.0290 3652 DPS - ok
20:07:52.0321 3652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:07:52.0368 3652 drmkaud - ok
20:07:52.0508 3652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:07:52.0586 3652 DXGKrnl - ok
20:07:52.0649 3652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:07:52.0758 3652 EapHost - ok
20:07:53.0117 3652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:07:53.0288 3652 ebdrv - ok
20:07:53.0397 3652 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:07:53.0460 3652 eeCtrl - ok
20:07:53.0569 3652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:07:53.0600 3652 EFS - ok
20:07:53.0741 3652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:07:53.0834 3652 ehRecvr - ok
20:07:53.0881 3652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:07:53.0928 3652 ehSched - ok
20:07:54.0021 3652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:07:54.0084 3652 elxstor - ok
20:07:54.0131 3652 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys
20:07:54.0177 3652 enecir - ok
20:07:54.0209 3652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:07:54.0255 3652 ErrDev - ok
20:07:54.0349 3652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:07:54.0443 3652 EventSystem - ok
20:07:54.0489 3652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:07:54.0583 3652 exfat - ok
20:07:54.0630 3652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:07:54.0723 3652 fastfat - ok
20:07:54.0833 3652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:07:54.0911 3652 Fax - ok
20:07:54.0957 3652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:07:54.0989 3652 fdc - ok
20:07:55.0020 3652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:07:55.0113 3652 fdPHost - ok
20:07:55.0113 3652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:07:55.0223 3652 FDResPub - ok
20:07:55.0269 3652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:07:55.0301 3652 FileInfo - ok
20:07:55.0316 3652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:07:55.0410 3652 Filetrace - ok
20:07:55.0441 3652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:07:55.0472 3652 flpydisk - ok
20:07:55.0535 3652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:07:55.0581 3652 FltMgr - ok
20:07:55.0722 3652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:07:55.0815 3652 FontCache - ok
20:07:55.0893 3652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:07:55.0909 3652 FontCache3.0.0.0 - ok
20:07:55.0971 3652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:07:56.0003 3652 FsDepends - ok
20:07:56.0049 3652 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:07:56.0081 3652 Fs_Rec - ok
20:07:56.0127 3652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:07:56.0174 3652 fvevol - ok
20:07:56.0205 3652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:07:56.0252 3652 gagp30kx - ok
20:07:56.0377 3652 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:07:56.0502 3652 gpsvc - ok
20:07:56.0549 3652 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:07:56.0580 3652 hamachi - ok
20:07:56.0923 3652 Hamachi2Svc (ce77bc37bdd36c9dc50c3591ebac3fa3) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:07:57.0048 3652 Hamachi2Svc - ok
20:07:57.0188 3652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:07:57.0219 3652 hcw85cir - ok
20:07:57.0297 3652 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:07:57.0360 3652 HdAudAddService - ok
20:07:57.0391 3652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:07:57.0453 3652 HDAudBus - ok
20:07:57.0469 3652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:07:57.0500 3652 HidBatt - ok
20:07:57.0547 3652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:07:57.0578 3652 HidBth - ok
20:07:57.0609 3652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:07:57.0641 3652 HidIr - ok
20:07:57.0672 3652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:07:57.0781 3652 hidserv - ok
20:07:57.0812 3652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:07:57.0843 3652 HidUsb - ok
20:07:57.0875 3652 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:07:57.0999 3652 hkmsvc - ok
20:07:58.0046 3652 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:07:58.0109 3652 HomeGroupListener - ok
20:07:58.0155 3652 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:07:58.0202 3652 HomeGroupProvider - ok
20:07:58.0311 3652 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:07:58.0327 3652 HP Health Check Service - ok
20:07:58.0389 3652 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:07:58.0405 3652 HPDrvMntSvc.exe - ok
20:07:58.0436 3652 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
20:07:58.0467 3652 hpdskflt - ok
20:07:58.0499 3652 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:07:58.0514 3652 HpqKbFiltr - ok
20:07:58.0623 3652 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:07:58.0670 3652 hpqwmiex - ok
20:07:58.0717 3652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:07:58.0748 3652 HpSAMD - ok
20:07:58.0920 3652 HPSLPSVC (5ecec779312ad35b1b19951a4b53fac1) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:07:58.0982 3652 HPSLPSVC - ok
20:07:59.0013 3652 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
20:07:59.0060 3652 hpsrv - ok
20:07:59.0169 3652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:07:59.0279 3652 HTTP - ok
20:07:59.0310 3652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:07:59.0325 3652 hwpolicy - ok
20:07:59.0388 3652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:07:59.0419 3652 i8042prt - ok
20:07:59.0513 3652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:07:59.0559 3652 iaStorV - ok
20:07:59.0715 3652 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:07:59.0778 3652 idsvc - ok
20:07:59.0825 3652 IDSVia64 - ok
20:08:00.0573 3652 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:08:00.0839 3652 igfx - ok
20:08:00.0979 3652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:08:01.0010 3652 iirsp - ok
20:08:01.0135 3652 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:08:01.0275 3652 IKEEXT - ok
20:08:01.0322 3652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:08:01.0353 3652 intelide - ok
20:08:01.0385 3652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:08:01.0447 3652 intelppm - ok
20:08:01.0478 3652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:08:01.0572 3652 IPBusEnum - ok
20:08:01.0619 3652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:01.0712 3652 IpFilterDriver - ok
20:08:01.0790 3652 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:08:01.0899 3652 iphlpsvc - ok
20:08:01.0931 3652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:08:01.0977 3652 IPMIDRV - ok
20:08:35.0783 3652 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:08:35.0814 3652 Wd - ok
20:08:35.0892 3652 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:08:35.0954 3652 Wdf01000 - ok
20:08:35.0985 3652 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:08:36.0048 3652 WdiServiceHost - ok
20:08:36.0048 3652 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:08:36.0095 3652 WdiSystemHost - ok
20:08:36.0141 3652 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:08:36.0204 3652 WebClient - ok
20:08:36.0266 3652 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:08:36.0375 3652 Wecsvc - ok
20:08:36.0407 3652 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:08:36.0516 3652 wercplsupport - ok
20:08:36.0547 3652 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:08:36.0656 3652 WerSvc - ok
20:08:36.0687 3652 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:08:36.0781 3652 WfpLwf - ok
20:08:36.0812 3652 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:08:36.0843 3652 WIMMount - ok
20:08:36.0875 3652 WinDefend - ok
20:08:36.0890 3652 WinHttpAutoProxySvc - ok
20:08:36.0968 3652 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:08:37.0077 3652 Winmgmt - ok
20:08:37.0327 3652 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:08:37.0499 3652 WinRM - ok
20:08:37.0655 3652 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:08:37.0701 3652 WinUsb - ok
20:08:37.0826 3652 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:08:37.0904 3652 Wlansvc - ok
20:08:37.0951 3652 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:08:37.0982 3652 WmiAcpi - ok
20:08:38.0045 3652 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:08:38.0107 3652 wmiApSrv - ok
20:08:38.0138 3652 WMPNetworkSvc - ok
20:08:38.0154 3652 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:08:38.0201 3652 WPCSvc - ok
20:08:38.0247 3652 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:08:38.0294 3652 WPDBusEnum - ok
20:08:38.0310 3652 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:08:38.0419 3652 ws2ifsl - ok
20:08:38.0450 3652 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:08:38.0513 3652 wscsvc - ok
20:08:38.0513 3652 WSearch - ok
20:08:38.0793 3652 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:08:38.0981 3652 wuauserv - ok
20:08:39.0137 3652 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:08:39.0230 3652 WudfPf - ok
20:08:39.0293 3652 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:08:39.0402 3652 WUDFRd - ok
20:08:39.0449 3652 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:08:39.0542 3652 wudfsvc - ok
20:08:39.0589 3652 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:08:39.0651 3652 WwanSvc - ok
20:08:39.0729 3652 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:08:39.0776 3652 yukonw7 - ok
20:08:39.0854 3652 MBR (0x1B8) (3f92c78b5aa70e0d5609ad243c30fa8e) \Device\Harddisk0\DR0
20:08:39.0948 3652 \Device\Harddisk0\DR0 - ok
20:08:39.0948 3652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
20:08:40.0104 3652 \Device\Harddisk1\DR3 - ok
20:08:40.0151 3652 Boot (0x1200) (c22f7945622330fe5370c2756fa3e67c) \Device\Harddisk0\DR0\Partition0
20:08:40.0151 3652 \Device\Harddisk0\DR0\Partition0 - ok
20:08:40.0166 3652 Boot (0x1200) (97c84d4b40e98c1665eb822c7b32d160) \Device\Harddisk0\DR0\Partition1
20:08:40.0166 3652 \Device\Harddisk0\DR0\Partition1 - ok
20:08:40.0197 3652 Boot (0x1200) (c2d904cc13edb34b4fe0a3912036f15a) \Device\Harddisk0\DR0\Partition2
20:08:40.0197 3652 \Device\Harddisk0\DR0\Partition2 - ok
20:08:40.0213 3652 Boot (0x1200) (dab3ff87e771d7f1c98571737f7d893a) \Device\Harddisk0\DR0\Partition3
20:08:40.0213 3652 \Device\Harddisk0\DR0\Partition3 - ok
20:08:40.0229 3652 Boot (0x1200) (a40244712f18e2432cfae4c851ac676b) \Device\Harddisk1\DR3\Partition0
20:08:40.0229 3652 \Device\Harddisk1\DR3\Partition0 - ok
20:08:40.0229 3652 ============================================================
20:08:40.0229 3652 Scan finished
20:08:40.0229 3652 ============================================================
20:08:40.0260 1196 Detected object count: 6
20:08:40.0260 1196 Actual detected object count: 6
20:09:22.0863 1196 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:22.0863 1196 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:22.0863 1196 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:22.0863 1196 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:22.0879 1196 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:22.0879 1196 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:22.0879 1196 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:22.0879 1196 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:22.0879 1196 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:22.0879 1196 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:22.0879 1196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:22.0879 1196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:42.0910 3552 Deinitialize success

#13 kistos

Posted 15 May 2012 - 01:29 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 20:13:28
-----------------------------
20:13:28.617 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:28.617 Number of processors: 2 586 0x602
20:13:28.617 ComputerName: LUPITA-PC UserName: Lupita
20:13:30.208 Initialize success
20:14:41.875 AVAST engine defs: 12051401
20:14:53.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:14:53.949 Disk 0 Vendor: WDC_WD3200BEKT-60V5T1 12.01A12 Size: 305245MB BusType: 11
20:14:53.981 Disk 0 MBR read successfully
20:14:53.981 Disk 0 MBR scan
20:14:53.996 Disk 0 unknown MBR code
20:14:54.012 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:14:54.027 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289291 MB offset 409600
20:14:54.059 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15650 MB offset 592877568
20:14:54.090 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
20:14:54.137 Disk 0 scanning C:\Windows\system32\drivers
20:15:05.259 Service scanning
20:15:33.527 Modules scanning
20:15:33.542 Disk 0 trace - called modules:
20:15:33.589 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:15:33.605 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004386660]
20:15:33.620 3 CLASSPNP.SYS[fffff8800112343f] -> nt!IofCallDriver -> [0xfffffa80043854a0]
20:15:33.620 5 hpdskflt.sys[fffff88002387289] -> nt!IofCallDriver -> [0xfffffa8004301e40]
20:15:33.636 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042fe060]
20:15:35.726 AVAST engine scan C:\
20:15:43.308 File: C:\FRST\Quarantine\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
20:15:43.370 File: C:\FRST\Quarantine\spbbcsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
20:40:36.199 File: C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir **INFECTED** Win32:Sirefef-PL [Rtk]
20:40:36.340 File: C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir **INFECTED** Win32:Malware-gen
20:40:36.465 File: C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cf.@.vir **INFECTED** Win32:Malware-gen
20:40:38.056 File: C:\Qoobox\Quarantine\C\Windows\System32\6to4.dll.vir **INFECTED** Win64:Sirefef-E [Trj]
20:40:38.196 File: C:\Qoobox\Quarantine\C\Windows\System32\AeLookupSvc.dll.vir **INFECTED** Win64:Sirefef-E [Trj]
20:40:38.493 File: C:\Qoobox\Quarantine\C\Windows\System32\NWCWorkstation.dll.vir **INFECTED** Win64:Sirefef-E [Trj]
20:45:16.625 File: C:\TDSSKiller_Quarantine\13.05.2012_11.08.18\zaea0000\svc0000\tsk0000.dta **INFECTED** Win64:Sirefef-E [Trj]
20:45:16.797 File: C:\TDSSKiller_Quarantine\13.05.2012_11.08.18\zaea0001\svc0000\tsk0000.dta **INFECTED** Win64:Sirefef-E [Trj]
21:15:38.974 File: C:\Windows\System32\3dkeybd.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:40.783 File: C:\Windows\System32\acprfmgrsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:42.250 File: C:\Windows\System32\actser.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:43.342 File: C:\Windows\System32\ADSMService.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:46.415 File: C:\Windows\System32\AFGMp50.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:46.493 File: C:\Windows\System32\agentsrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:46.571 File: C:\Windows\System32\agp440.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:46.649 File: C:\Windows\System32\aiclient.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:46.899 File: C:\Windows\System32\AKSIFDH.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:46.977 File: C:\Windows\System32\alcan5wn.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:47.117 File: C:\Windows\System32\aliide.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:47.195 File: C:\Windows\System32\Alpham1.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:47.523 File: C:\Windows\System32\amdppm.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:47.663 File: C:\Windows\System32\amusbprt.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:47.803 File: C:\Windows\System32\Anydlc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:49.800 File: C:\Windows\System32\arp1394.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:49.894 File: C:\Windows\System32\ASNDIS5.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:49.972 File: C:\Windows\System32\asusgsb.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:50.034 File: C:\Windows\System32\aswlsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:50.159 File: C:\Windows\System32\atchksrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:50.253 File: C:\Windows\System32\atdisk.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:51.610 File: C:\Windows\System32\AtiHdmiService.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:53.482 File: C:\Windows\System32\ATKGFNEXSrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:53.575 File: C:\Windows\System32\atksgt.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:53.700 File: C:\Windows\System32\atmeltpm.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:53.965 File: C:\Windows\System32\ATMsg.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:54.839 File: C:\Windows\System32\audstub.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:55.541 File: C:\Windows\System32\authsyssvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.039 File: C:\Windows\System32\avcgbfl.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.117 File: C:\Windows\System32\avg7rsxp.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.195 File: C:\Windows\System32\avgascln.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.257 File: C:\Windows\System32\avgfwsrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.319 File: C:\Windows\System32\avhook.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.444 File: C:\Windows\System32\avp.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.538 File: C:\Windows\System32\awecho.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.616 File: C:\Windows\System32\awservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:57.678 File: C:\Windows\System32\AX88772.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:58.131 File: C:\Windows\System32\backuplauncher.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:58.864 File: C:\Windows\System32\bc_tdi_f.dll **INFECTED** Win64:Sirefef-E [Trj]
21:15:59.269 File: C:\Windows\System32\beatjammusicstreamingserver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:00.517 File: C:\Windows\System32\bobo.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:02.265 File: C:\Windows\System32\c-dillacdac11ba.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:54.166 File: C:\Windows\System32\CBN.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:54.291 File: C:\Windows\System32\CcmExec.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:54.384 File: C:\Windows\System32\CdaD10BA.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:55.024 File: C:\Windows\System32\cdr4_2k.dll **INFECTED** Win64:Sirefef-E [Trj]
21:16:55.242 File: C:\Windows\System32\cdrbsvsd.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:00.656 File: C:\Windows\System32\cicsclient.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:00.921 File: C:\Windows\System32\citrixwmiservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:01.124 File: C:\Windows\System32\clcapsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:01.514 File: C:\Windows\System32\cm102u32.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:01.872 File: C:\Windows\System32\cmigameport.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:03.058 File: C:\Windows\System32\CnxtHdAudService.dll **INFECTED** Win64:Sirefef-E [Trj]
21:17:03.994 File: C:\Windows\System32\commserver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:01.798 File: C:\Windows\System32\CoolerXPDriver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:02.156 File: C:\Windows\System32\cpntsrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:02.234 File: C:\Windows\System32\cpqdmi.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:02.281 File: C:\Windows\System32\cpqfws2e.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:02.344 File: C:\Windows\System32\cpuz132.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.091 File: C:\Windows\System32\ctaud2k.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.184 File: C:\Windows\System32\CTSBLFX.DLL.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.247 File: C:\Windows\System32\CTSYN.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.403 File: C:\Windows\System32\ctxcpubal.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.574 File: C:\Windows\System32\CVPNDRVA.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.637 File: C:\Windows\System32\cwafadmincontroller.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.699 File: C:\Windows\System32\CX88AUD.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.762 File: C:\Windows\System32\cyberpowerups.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:04.840 File: C:\Windows\System32\cygserver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:09.442 File: C:\Windows\System32\datasvr.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:09.504 File: C:\Windows\System32\datunidr.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:09.629 File: C:\Windows\System32\db2jds.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:11.906 File: C:\Windows\System32\dcomlaunch.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:12.078 File: C:\Windows\System32\DcPTP.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:13.513 File: C:\Windows\System32\Defrag32.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:13.825 File: C:\Windows\System32\DELTA.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:16.040 File: C:\Windows\System32\DeviceScanner.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:17.039 File: C:\Windows\System32\DfwWebAgent.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:18.427 File: C:\Windows\System32\digirefresh.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:18.505 File: C:\Windows\System32\digitizer.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:18.630 File: C:\Windows\System32\dimension4.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:19.379 File: C:\Windows\System32\diskperf.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:21.875 File: C:\Windows\System32\dladresn.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:21.937 File: C:\Windows\System32\dlcg_device.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:22.000 File: C:\Windows\System32\dlcj_device.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:22.078 File: C:\Windows\System32\DLH5X.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:22.187 File: C:\Windows\System32\dmboot.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:22.811 File: C:\Windows\System32\dnscache.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:22.967 File: C:\Windows\System32\dnserver32.dll **INFECTED** Win64:Sirefef-E [Trj]
21:36:24.574 File: C:\Windows\System32\dot4.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:22.273 File: C:\Windows\System32\dtsagntsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:24.519 File: C:\Windows\System32\dwmrcs.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:28.997 File: C:\Windows\System32\earthlinksafeconnectagent.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:29.168 File: C:\Windows\System32\eelsservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:31.711 File: C:\Windows\System32\el90xbc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:31.805 File: C:\Windows\System32\elbydelay.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:31.898 File: C:\Windows\System32\ELkbd.dll **INFECTED** Win64:Sirefef-E [Trj]
21:46:32.132 File: C:\Windows\System32\elosystemservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:13.624 File: C:\Windows\System32\enum1394.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:13.795 File: C:\Windows\System32\epfw.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:13.967 File: C:\Windows\System32\epsonstatusagent2.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:14.139 File: C:\Windows\System32\epson_pm_rpcv2_01.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:14.310 File: C:\Windows\System32\epson_pm_rpcv2_02.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:14.575 File: C:\Windows\System32\EQDRV5.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:18.663 File: C:\Windows\System32\ET5Drv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:18.990 File: C:\Windows\System32\etoksrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:28.974 File: C:\Windows\System32\fetnd5bv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:29.083 File: C:\Windows\System32\FETNDIS.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:37.258 File: C:\Windows\System32\fsRamDsk.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:45.183 File: C:\Windows\System32\generichidservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:45.370 File: C:\Windows\System32\Gernuwa.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:46.696 File: C:\Windows\System32\GoBack2K.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:46.883 File: C:\Windows\System32\GoProto.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:50.455 File: C:\Windows\System32\GT891x.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:51.079 File: C:\Windows\System32\hap17v2k.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:51.532 File: C:\Windows\System32\HBtnKey.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:51.703 File: C:\Windows\System32\hcf_msft.dll **INFECTED** Win64:Sirefef-E [Trj]
21:49:58.552 File: C:\Windows\System32\hnmsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:00.034 File: C:\Windows\System32\houdinilicenseserver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:03.637 File: C:\Windows\System32\HPSLPSVC.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:05.416 File: C:\Windows\System32\hpzius12.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:06.321 File: C:\Windows\System32\hsf_dpv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:06.461 File: C:\Windows\System32\hsf_msft.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:11.562 File: C:\Windows\System32\ICAM3NT5.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:11.921 File: C:\Windows\System32\ICAM5USB.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:20.095 File: C:\Windows\System32\IFPUSB.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:20.782 File: C:\Windows\System32\iftpsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:20.985 File: C:\Windows\System32\ifxtcs.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:21.141 File: C:\Windows\System32\igateway.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:23.028 File: C:\Windows\System32\iirsp.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:23.137 File: C:\Windows\System32\IJPLMSVC.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:23.590 File: C:\Windows\System32\imagedrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:25.228 File: C:\Windows\System32\imaservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:38.893 File: C:\Windows\System32\incdrec.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:40.734 File: C:\Windows\System32\ino_flpy.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:41.031 File: C:\Windows\System32\intcazaudaddservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:41.140 File: C:\Windows\System32\interactivelogon.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:43.839 File: C:\Windows\System32\ipsraidn.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:44.260 File: C:\Windows\System32\ISAMSvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:44.369 File: C:\Windows\System32\isapisearch.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:45.898 File: C:\Windows\System32\ISODrive.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:47.707 File: C:\Windows\System32\itchfltr.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:51.077 File: C:\Windows\System32\JiaoCap.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:51.732 File: C:\Windows\System32\jobserver_report.dll **INFECTED** Win64:Sirefef-E [Trj]
21:50:53.823 File: C:\Windows\System32\k750mgmt.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:16.505 File: C:\Windows\System32\kerbkey.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:18.252 File: C:\Windows\System32\KLOGNT.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:18.876 File: C:\Windows\System32\knobserv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:23.884 File: C:\Windows\System32\lexbces.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:24.274 File: C:\Windows\System32\lgsnd_filter.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:24.617 File: C:\Windows\System32\LHidKe.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:25.132 File: C:\Windows\System32\lightscribeservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:25.616 File: C:\Windows\System32\lktimesync.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:27.410 File: C:\Windows\System32\lmouflt2.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:29.219 File: C:\Windows\System32\lockmgr.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:36.863 File: C:\Windows\System32\lvmvdrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:37.082 File: C:\Windows\System32\lxce_device.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:37.253 File: C:\Windows\System32\lxcr_device.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:43.836 File: C:\Windows\System32\lyncusbserv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:44.148 File: C:\Windows\System32\macformatservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:45.147 File: C:\Windows\System32\mafwboot.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:48.860 File: C:\Windows\System32\mcp.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:48.969 File: C:\Windows\System32\mcredirector.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:49.936 File: C:\Windows\System32\mdm.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:50.186 File: C:\Windows\System32\mdmxsdk.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:50.794 File: C:\Windows\System32\merakcontrol.dll **INFECTED** Win64:Sirefef-E [Trj]
21:51:54.304 File: C:\Windows\System32\mgabg.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:27.813 File: C:\Windows\System32\milshieldcleaner.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:28.078 File: C:\Windows\System32\MKEMUSB.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:28.203 File: C:\Windows\System32\mks_scan.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:31.822 File: C:\Windows\System32\mozybackup.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:31.916 File: C:\Windows\System32\mozyFilter.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:33.632 File: C:\Windows\System32\mqdmmdm.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:33.756 File: C:\Windows\System32\mr7910.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:46.829 File: C:\Windows\System32\mskservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:55.597 File: C:\Windows\System32\msvad_simple.dll **INFECTED** Win64:Sirefef-E [Trj]
21:52:59.356 File: C:\Windows\System32\MTDVC2.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:00.682 File: C:\Windows\System32\mup.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:00.838 File: C:\Windows\System32\mwspollserver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:03.303 File: C:\Windows\System32\navapsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:05.440 File: C:\Windows\System32\ndasscsi.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:09.309 File: C:\Windows\System32\netddedsdm.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:18.841 File: C:\Windows\System32\networkx.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:19.808 File: C:\Windows\System32\nfsds.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:52.958 File: C:\Windows\System32\nmindexingservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:53.363 File: C:\Windows\System32\nmservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:53.722 File: C:\Windows\System32\nocashio.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:56.031 File: C:\Windows\System32\NPDriver.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:56.171 File: C:\Windows\System32\npkcmsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:58.028 File: C:\Windows\System32\nsm1bus.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:58.231 File: C:\Windows\System32\NsTrcNT.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:58.449 File: C:\Windows\System32\nsvcip.dll **INFECTED** Win64:Sirefef-E [Trj]
21:53:58.714 File: C:\Windows\System32\nsvclog.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:01.616 File: C:\Windows\System32\ntsyslog.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:01.850 File: C:\Windows\System32\NVENET.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:02.006 File: C:\Windows\System32\nvport.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:02.240 File: C:\Windows\System32\nvstor32.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:02.458 File: C:\Windows\System32\nwlnkipx.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:02.583 File: C:\Windows\System32\NWSNS.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:06.046 File: C:\Windows\System32\ofcservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:09.073 File: C:\Windows\System32\omci.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:09.135 File: C:\Windows\System32\OneCareMP.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:28.619 File: C:\Windows\System32\oracleorahome92tnslistener.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:28.775 File: C:\Windows\System32\orbmediaservice.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:31.240 File: C:\Windows\System32\papyjoy.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:31.755 File: C:\Windows\System32\pavatscheduler.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:31.942 File: C:\Windows\System32\pavreport.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:33.206 File: C:\Windows\System32\pcidrv.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:34.376 File: C:\Windows\System32\PdiPorts.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:34.625 File: C:\Windows\System32\pdlndldl.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:34.750 File: C:\Windows\System32\pdlnsv25.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:36.529 File: C:\Windows\System32\persfw.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:37.979 File: C:\Windows\System32\picturetaker.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:39.290 File: C:\Windows\System32\pimsgss.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:39.649 File: C:\Windows\System32\pinger.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:44.968 File: C:\Windows\System32\plsremotesvc.dll **INFECTED** Win64:Sirefef-E [Trj]
21:54:46.809 File: C:\Windows\System32\pnkbstrk.dll **INFECTED** Win64:Sirefef-E [Trj]
21:55:01.224 File: C:\Windows\System32\psadd.dll **INFECTED** Win64:Sirefef-E [Trj]
21:55:01.957 File: C:\Windows\System32\PSDNServ.dll **INFECTED** Win64:Sirefef-E [Trj]
23:15:35.266 Scan finished successfully
23:15:52.270 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
23:15:52.317 The log file has been saved successfully to "G:\aswMBR.txt"

#14 B-boy/StyLe/ (Malware Response Team)

Posted 15 May 2012 - 06:12 AM

Hello,



STEP 1



Please do the following:

Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Now copy/paste the following at the command prompt:

fsutil reparsepoint delete C:\Windows\system64

Press Enter.





STEP 2



We need to run an OTL Fix



  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
    IE - HKLM\..\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm568YYUS&ptb=96F7BE44-BFCD-4BB8-B4FE-B7D8C162FF7F&psa=&ind=2010121423&ptnrS=ZKxdm568YYUS&si=&st=sb&n=77d004cf&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AU&apn_dtid=YYYYYYYYUS&apn_uid=F7F80902-E72C-402B-BBA1-3D79DEA7415B&apn_sauid=892E8707-78CA-43C2-ABE4-DB9DD556E7FD
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{17D19E78-13E5-45FB-9184-CE36886A473E}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=cfc514e8afb249ccb38a90cf5c8d9a1a
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=3746813001CB860F001D85A3&install_time=2010-11-17T04:23:39Z&src_id=11613&camp_id=1696&tb_version=2.5.15000.521
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm568YYUS&ptb=96F7BE44-BFCD-4BB8-B4FE-B7D8C162FF7F&psa=&ind=2010121423&ptnrS=ZKxdm568YYUS&si=&st=sb&n=77d004cf&searchfor={searchTerms}
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
    IE - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=cfc514e8afb249ccb38a90cf5c8d9a1a&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    [2011/03/10 21:50:29 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2011/12/02 21:40:04 | 000,002,567 | ---- | M] () -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\searchplugins\askcom.xml
    [2011/12/30 19:56:43 | 000,001,211 | ---- | M] () -- C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\searchplugins\Mp3Tube.xml
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-3141694677-1651255109-471062170-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    [2012/01/01 00:45:53 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\AVG10
    [2011/12/31 23:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\AVG2012
    [2011/09/17 08:20:19 | 000,003,596 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb
    [2012/05/14 13:22:37 | 000,003,496 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb
    [2011/09/17 08:20:22 | 000,003,596 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb
    [2012/05/14 13:22:37 | 000,003,496 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb
    [2011/10/15 20:43:08 | 000,002,144 | -HS- | M] () MD5=78601024C6BFED680BBFAA78372572D7 -- C:\Windows\assembly\tmp\click.tlb
    [2012/05/14 13:22:41 | 000,002,632 | -HS- | M] () MD5=F16C94B6CB9A03A663617DBACC906C04 -- C:\Windows\assembly\tmp\loader.tlb
    [2011/07/20 21:55:14 | 000,002,048 | ---- | M] () MD5=9D3F2DC5732109C0D8EB77EF1652F67A -- C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:07BF512B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    :files
    ipconfig /flushdns /c
    :commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.




STEP 3


  • Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under the Custom Scan box paste this in:

    c:\windows\system32\*.
    c:\windows\sysnative\*.

  • Click on the Posted Image button.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Please post the log in your next post.





STEP 4



Run Scan with Malwarebytes


  • I see you have Malwarebytes' Anti-Malware installed on your computer.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.





STEP 5



I'd like us to scan your machine with ESET OnlineScan



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



Regards,
Georgi
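
The fix script in step 2 of the post above yields a result log with one line per item. As an added example (not part of the original post and not OTL's own code), this Python script classifies those result lines so that items that were not actually removed stand out. The sample log is constructed with placeholder GUIDs and paths; the status names, and the rule that a "not found" on a Classes\CLSID key directly after a line with the same GUID is an expected follow-up lookup, are assumptions read off the log format shown in this thread.

```python
import re
from collections import Counter

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SECTION = re.compile(r"^=+ (\w+) =+$")

# Only line shapes that appear in the result log on this page are recognised;
# anything else inside the OTL section is kept as "unparsed", never dropped.
PATTERNS = [
    ("registry", re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+?) "
                            r"(?P<res>deleted successfully\.|not found\.)$")),
    ("prefs", re.compile(r'^Prefs\.js: (?P<target>".*") (?P<res>removed) from \S+$')),
    ("ads", re.compile(r"^ADS (?P<target>.+?) (?P<res>deleted successfully\.)$")),
    ("mount", re.compile(r"^Mount Point (?P<target>.+?) (?P<res>removed successfully!)$")),
    ("file", re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? "
                        r"(?P<res>moved successfully\.)$")),
]

# Constructed sample log: GUIDs, user name and paths are placeholders.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-0000000000A1}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000A1}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-0000000000B2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000B2}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-0000000000B2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000B2}\ not found.
Prefs.js: "Example Search" removed from browser.search.defaultengine
C:\Users\example\AppData\Roaming\ExampleToolbar\cfg folder moved successfully.
C:\Users\example\AppData\Roaming\ExampleToolbar folder moved successfully.
ADS C:\ProgramData\Temp:0A1B2C3D deleted successfully.
Mount Point C:\Windows\system64 removed successfully!
Some line in a shape this parser does not know
========== FILES ==========
C:\Users\example\Desktop\cmd.bat deleted successfully.
"""


def classify(log_text):
    """Return one dict per result line found in the '== OTL ==' section."""
    entries, section, prev_guids = [], None, set()
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section != "OTL" or not line:
            continue  # other sections (FILES, COMMANDS) are out of scope here
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                break
        else:
            entries.append({"kind": "unparsed", "status": "unparsed", "target": line})
            prev_guids = set()
            continue
        target = m.group("target")
        guids = {g.lower() for g in GUID.findall(target)}
        if m.group("res") != "not found.":
            status = "removed"
        elif "\\classes\\clsid\\" in target.lower() and guids & prev_guids:
            # Assumption: follow-up CLSID lookup for the item on the previous line.
            status = "clsid-absent"
        else:
            # The item the fix script named was not there: worth a second look.
            status = "target-absent"
        entries.append({"kind": kind, "status": status, "target": target})
        prev_guids = guids
    return entries


def summarize(entries):
    """Count outcomes and list the targets a reviewer should check by hand."""
    counts = Counter(e["status"] for e in entries)
    review = [e["target"] for e in entries
              if e["status"] in ("target-absent", "unparsed")]
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(classify(SAMPLE_LOG))
    for status, n in sorted(counts.items()):
        print(f"{status:14} {n}")
    for target in review:
        print("review:", target)
```
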



#15 kistos (Topic Starter)

Posted 15 May 2012 - 03:38 PM

Once again thanks for your help through this mess! Here are the logs you requested.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{17D19E78-13E5-45FB-9184-CE36886A473E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17D19E78-13E5-45FB-9184-CE36886A473E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FD4BCF8-D06B-4DB0-A3B0-2F18B518C4BC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Prefs.js: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=cfc514e8afb249ccb38a90cf5c8d9a1a&subid=&keywords={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\searchplugins\askcom.xml moved successfully.
C:\Users\Lupita\AppData\Roaming\Mozilla\Firefox\Profiles\qdnbbxmq.default\searchplugins\Mp3Tube.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3141694677-1651255109-471062170-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
C:\Users\Lupita\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Lupita\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Lupita\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Lupita\AppData\Roaming\AVG2012 folder moved successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Windows\assembly\tmp\click.tlb moved successfully.
C:\Windows\assembly\tmp\loader.tlb moved successfully.
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} moved successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
Mount Point C:\Windows\system64 removed successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lupita\Desktop\cmd.bat deleted successfully.
C:\Users\Lupita\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lupita
->Temp folder emptied: 70972151 bytes
->Temporary Internet Files folder emptied: 70369052 bytes
->Java cache emptied: 16547363 bytes
->FireFox cache emptied: 84672353 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 3896 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2925 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 284697933 bytes
RecycleBin emptied: 2964 bytes

Total Files Cleaned = 505.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05152012_100804

Files\Folders moved on Reboot...
C:\Users\Lupita\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

OTS logfile created on: 5/15/2012 10:16:51 AM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Lupita\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.51 Gb Total Space | 231.50 Gb Free Space | 81.94% Space Free | Partition Type: NTFS
Drive D: | 15.28 Gb Total Space | 2.51 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.22 Mb Free Space | 95.85% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 1.94 Gb Free Space | 26.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LUPITA-PC
Current User Name: Lupita
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Custom Scans]
< c:\windows\system32\*. >
 0409 -> c:\windows\system32\0409 -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 Adobe -> c:\windows\system32\Adobe -> [2009/11/05 19:03:51 | 000,000,000 | ---D | M]
 AdvancedInstallers -> c:\windows\system32\AdvancedInstallers -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 ar-SA -> c:\windows\system32\ar-SA -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 bg-BG -> c:\windows\system32\bg-BG -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 catroot -> c:\windows\system32\catroot -> [2009/07/13 19:35:36 | 000,000,000 | ---D | M]
 catroot2 -> c:\windows\system32\catroot2 -> [2009/07/13 19:35:36 | 000,000,000 | ---D | M]
 com -> c:\windows\system32\com -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 config -> c:\windows\system32\config -> [2012/01/01 00:45:16 | 000,000,000 | ---D | M]
 cs-CZ -> c:\windows\system32\cs-CZ -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 da-DK -> c:\windows\system32\da-DK -> [2012/05/13 03:15:03 | 000,000,000 | ---D | M]
 de-DE -> c:\windows\system32\de-DE -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 Dism -> c:\windows\system32\Dism -> [2012/05/13 03:14:58 | 000,000,000 | ---D | M]
 drivers -> c:\windows\system32\drivers -> [2012/05/14 16:32:19 | 000,000,000 | ---D | M]
 DriverStore -> c:\windows\system32\DriverStore -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 el-GR -> c:\windows\system32\el-GR -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 en -> c:\windows\system32\en -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 en-US -> c:\windows\system32\en-US -> [2012/05/13 03:15:03 | 000,000,000 | ---D | M]
 es-ES -> c:\windows\system32\es-ES -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 et-EE -> c:\windows\system32\et-EE -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 fi-FI -> c:\windows\system32\fi-FI -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 fr-FR -> c:\windows\system32\fr-FR -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 FxsTmp -> c:\windows\system32\FxsTmp -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 GroupPolicy -> c:\windows\system32\GroupPolicy -> [2009/07/13 19:34:27 | 000,000,000 | ---D | M]
 GroupPolicyUsers -> c:\windows\system32\GroupPolicyUsers -> [2009/07/13 19:34:27 | 000,000,000 | ---D | M]
 he-IL -> c:\windows\system32\he-IL -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 hr-HR -> c:\windows\system32\hr-HR -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 hu-HU -> c:\windows\system32\hu-HU -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 icsxml -> c:\windows\system32\icsxml -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 IME -> c:\windows\system32\IME -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 inetsrv -> c:\windows\system32\inetsrv -> [2009/07/13 19:36:55 | 000,000,000 | ---D | M]
 InstallShield -> c:\windows\system32\InstallShield -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 it-IT -> c:\windows\system32\it-IT -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 ja-JP -> c:\windows\system32\ja-JP -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 ko-KR -> c:\windows\system32\ko-KR -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 LogFiles -> c:\windows\system32\LogFiles -> [2011/06/30 19:14:59 | 000,000,000 | ---D | M]
 lt-LT -> c:\windows\system32\lt-LT -> [2009/07/13 20:20:17 | 000,000,000 | ---D | M]
 lv-LV -> c:\windows\system32\lv-LV -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 Macromed -> c:\windows\system32\Macromed -> [2010/03/24 20:30:44 | 000,000,000 | ---D | M]
 manifeststore -> c:\windows\system32\manifeststore -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 migration -> c:\windows\system32\migration -> [2012/05/14 13:19:28 | 000,000,000 | ---D | M]
 migwiz -> c:\windows\system32\migwiz -> [2012/05/13 03:14:58 | 000,000,000 | ---D | M]
 Msdtc -> c:\windows\system32\Msdtc -> [2012/01/01 00:45:18 | 000,000,000 | ---D | M]
 MUI -> c:\windows\system32\MUI -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 nb-NO -> c:\windows\system32\nb-NO -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 NDF -> c:\windows\system32\NDF -> [2009/07/13 19:34:31 | 000,000,000 | ---D | M]
 NetworkList -> c:\windows\system32\NetworkList -> [2012/01/01 00:45:18 | 000,000,000 | ---D | M]
 nl-NL -> c:\windows\system32\nl-NL -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 oobe -> c:\windows\system32\oobe -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 pl-PL -> c:\windows\system32\pl-PL -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 Printing_Admin_Scripts -> c:\windows\system32\Printing_Admin_Scripts -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 pt-BR -> c:\windows\system32\pt-BR -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 pt-PT -> c:\windows\system32\pt-PT -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 ras -> c:\windows\system32\ras -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 Recovery -> c:\windows\system32\Recovery -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 restore -> c:\windows\system32\restore -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 ro-RO -> c:\windows\system32\ro-RO -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 ru-RU -> c:\windows\system32\ru-RU -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 Setup -> c:\windows\system32\Setup -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 sk-SK -> c:\windows\system32\sk-SK -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 sl-SI -> c:\windows\system32\sl-SI -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 slmgr -> c:\windows\system32\slmgr -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 Speech -> c:\windows\system32\Speech -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 spp -> c:\windows\system32\spp -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 sppui -> c:\windows\system32\sppui -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 sr-Latn-CS -> c:\windows\system32\sr-Latn-CS -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 sv-SE -> c:\windows\system32\sv-SE -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 sysprep -> c:\windows\system32\sysprep -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 Tasks -> c:\windows\system32\Tasks -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 th-TH -> c:\windows\system32\th-TH -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 tr-TR -> c:\windows\system32\tr-TR -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 uk-UA -> c:\windows\system32\uk-UA -> [2009/07/13 20:20:19 | 000,000,000 | ---D | M]
 Wat -> c:\windows\system32\Wat -> [2010/07/26 17:54:41 | 000,000,000 | ---D | M]
 wbem -> c:\windows\system32\wbem -> [2012/05/13 03:14:59 | 000,000,000 | ---D | M]
 WCN -> c:\windows\system32\WCN -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 wdi -> c:\windows\system32\wdi -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 WindowsPowerShell -> c:\windows\system32\WindowsPowerShell -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 winrm -> c:\windows\system32\winrm -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 zh-CN -> c:\windows\system32\zh-CN -> [2009/07/13 20:20:20 | 000,000,000 | ---D | M]
 zh-HK -> c:\windows\system32\zh-HK -> [2009/07/13 20:20:20 | 000,000,000 | ---D | M]
 zh-TW -> c:\windows\system32\zh-TW -> [2009/07/13 20:20:20 | 000,000,000 | ---D | M]
< c:\windows\sysnative\*. >
 %APPDATA% -> c:\windows\sysnative\%APPDATA% -> [2012/01/01 00:46:07 | 000,000,000 | -HSD | M]
 0409 -> c:\windows\sysnative\0409 -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 AdvancedInstallers -> c:\windows\sysnative\AdvancedInstallers -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 ar-SA -> c:\windows\sysnative\ar-SA -> [2009/07/13 20:20:11 | 000,000,000 | ---D | M]
 bg-BG -> c:\windows\sysnative\bg-BG -> [2009/07/13 20:20:11 | 000,000,000 | ---D | M]
 Boot -> c:\windows\sysnative\Boot -> [2012/05/13 03:14:27 | 000,000,000 | ---D | M]
 catroot -> c:\windows\sysnative\catroot -> [2012/05/13 20:35:07 | 000,000,000 | ---D | M]
 catroot2 -> c:\windows\sysnative\catroot2 -> [2012/05/13 20:35:05 | 000,000,000 | ---D | M]
 CodeIntegrity -> c:\windows\sysnative\CodeIntegrity -> [2009/09/06 18:11:33 | 000,000,000 | ---D | M]
 com -> c:\windows\sysnative\com -> [2009/07/13 22:37:45 | 000,000,000 | ---D | M]
 config -> c:\windows\sysnative\config -> [2012/05/15 10:16:51 | 000,000,000 | ---D | M]
 cs-CZ -> c:\windows\sysnative\cs-CZ -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 da-DK -> c:\windows\sysnative\da-DK -> [2012/05/13 03:14:48 | 000,000,000 | ---D | M]
 de-DE -> c:\windows\sysnative\de-DE -> [2009/07/13 20:20:13 | 000,000,000 | ---D | M]
 Dism -> c:\windows\sysnative\Dism -> [2012/05/13 03:14:46 | 000,000,000 | ---D | M]
 drivers -> c:\windows\sysnative\drivers -> [2012/05/14 20:07:26 | 000,000,000 | ---D | M]
 DriverStore -> c:\windows\sysnative\DriverStore -> [2012/05/13 03:19:07 | 000,000,000 | ---D | M]
 DRVSTORE -> c:\windows\sysnative\DRVSTORE -> [2010/03/24 20:00:20 | 000,000,000 | ---D | M]
 el-GR -> c:\windows\sysnative\el-GR -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 en -> c:\windows\sysnative\en -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 en-US -> c:\windows\sysnative\en-US -> [2012/05/13 03:14:48 | 000,000,000 | ---D | M]
 es-ES -> c:\windows\sysnative\es-ES -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 et-EE -> c:\windows\sysnative\et-EE -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 EventProviders -> c:\windows\sysnative\EventProviders -> [2012/01/01 00:45:12 | 000,000,000 | ---D | M]
 fi-FI -> c:\windows\sysnative\fi-FI -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 fr-FR -> c:\windows\sysnative\fr-FR -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 FxsTmp -> c:\windows\sysnative\FxsTmp -> [2009/07/13 22:09:04 | 000,000,000 | ---D | M]
 GroupPolicy -> c:\windows\sysnative\GroupPolicy -> [2009/07/13 19:34:27 | 000,000,000 | ---D | M]
 GroupPolicyUsers -> c:\windows\sysnative\GroupPolicyUsers -> [2009/07/13 19:34:27 | 000,000,000 | ---D | M]
 he-IL -> c:\windows\sysnative\he-IL -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 hr-HR -> c:\windows\sysnative\hr-HR -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 hu-HU -> c:\windows\sysnative\hu-HU -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 ias -> c:\windows\sysnative\ias -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 icsxml -> c:\windows\sysnative\icsxml -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 IME -> c:\windows\sysnative\IME -> [2009/07/13 20:20:11 | 000,000,000 | ---D | M]
 inetsrv -> c:\windows\sysnative\inetsrv -> [2009/07/13 19:36:55 | 000,000,000 | ---D | M]
 it-IT -> c:\windows\sysnative\it-IT -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 ja-JP -> c:\windows\sysnative\ja-JP -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 ko-KR -> c:\windows\sysnative\ko-KR -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 LogFiles -> c:\windows\sysnative\LogFiles -> [2012/02/03 20:58:23 | 000,000,000 | ---D | M]
 lt-LT -> c:\windows\sysnative\lt-LT -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 lv-LV -> c:\windows\sysnative\lv-LV -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 Macromed -> c:\windows\sysnative\Macromed -> [2012/01/01 00:45:13 | 000,000,000 | ---D | M]
 manifeststore -> c:\windows\sysnative\manifeststore -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 Microsoft -> c:\windows\sysnative\Microsoft -> [2009/07/13 21:45:42 | 000,000,000 | --SD | M]
 migration -> c:\windows\sysnative\migration -> [2012/05/14 13:19:28 | 000,000,000 | ---D | M]
 migwiz -> c:\windows\sysnative\migwiz -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 Msdtc -> c:\windows\sysnative\Msdtc -> [2012/01/01 00:45:13 | 000,000,000 | ---D | M]
 MUI -> c:\windows\sysnative\MUI -> [2009/07/13 22:37:45 | 000,000,000 | ---D | M]
 nb-NO -> c:\windows\sysnative\nb-NO -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 NDF -> c:\windows\sysnative\NDF -> [2012/01/05 19:01:29 | 000,000,000 | ---D | M]
 NetworkList -> c:\windows\sysnative\NetworkList -> [2012/01/01 00:45:13 | 000,000,000 | ---D | M]
 nl-NL -> c:\windows\sysnative\nl-NL -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 oobe -> c:\windows\sysnative\oobe -> [2012/05/13 03:14:48 | 000,000,000 | ---D | M]
 pl-PL -> c:\windows\sysnative\pl-PL -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 Printing_Admin_Scripts -> c:\windows\sysnative\Printing_Admin_Scripts -> [2009/07/13 22:37:45 | 000,000,000 | ---D | M]
 pt-BR -> c:\windows\sysnative\pt-BR -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 pt-PT -> c:\windows\sysnative\pt-PT -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 ras -> c:\windows\sysnative\ras -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 Recovery -> c:\windows\sysnative\Recovery -> [2010/07/24 07:41:55 | 000,000,000 | ---D | M]
 restore -> c:\windows\sysnative\restore -> [2010/07/24 07:42:00 | 000,000,000 | ---D | M]
 ro-RO -> c:\windows\sysnative\ro-RO -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 ru-RU -> c:\windows\sysnative\ru-RU -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 Setup -> c:\windows\sysnative\Setup -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 sk-SK -> c:\windows\sysnative\sk-SK -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 sl-SI -> c:\windows\sysnative\sl-SI -> [2009/07/13 20:20:15 | 000,000,000 | ---D | M]
 slmgr -> c:\windows\sysnative\slmgr -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 SMI -> c:\windows\sysnative\SMI -> [2009/07/13 20:20:13 | 000,000,000 | ---D | M]
 Speech -> c:\windows\sysnative\Speech -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 spool -> c:\windows\sysnative\spool -> [2009/07/13 21:53:31 | 000,000,000 | ---D | M]
 spp -> c:\windows\sysnative\spp -> [2009/07/13 20:20:13 | 000,000,000 | ---D | M]
 sppui -> c:\windows\sysnative\sppui -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 SPReview -> c:\windows\sysnative\SPReview -> [2012/05/13 02:55:20 | 000,000,000 | ---D | M]
 sr-Latn-CS -> c:\windows\sysnative\sr-Latn-CS -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 SRSLabs -> c:\windows\sysnative\SRSLabs -> [2010/03/24 20:05:11 | 000,000,000 | ---D | M]
 sv-SE -> c:\windows\sysnative\sv-SE -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 sysprep -> c:\windows\sysnative\sysprep -> [2010/03/24 20:41:17 | 000,000,000 | ---D | M]
 Tasks -> c:\windows\sysnative\Tasks -> [2012/05/12 23:28:11 | 000,000,000 | ---D | M]
 th-TH -> c:\windows\sysnative\th-TH -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 tr-TR -> c:\windows\sysnative\tr-TR -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 uk-UA -> c:\windows\sysnative\uk-UA -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 Wat -> c:\windows\sysnative\Wat -> [2010/07/26 17:54:41 | 000,000,000 | ---D | M]
 wbem -> c:\windows\sysnative\wbem -> [2012/05/13 03:14:47 | 000,000,000 | ---D | M]
 WCN -> c:\windows\sysnative\WCN -> [2009/07/13 22:37:45 | 000,000,000 | ---D | M]
 wdi -> c:\windows\sysnative\wdi -> [2012/05/14 16:21:43 | 000,000,000 | ---D | M]
 wfp -> c:\windows\sysnative\wfp -> [2012/01/01 00:46:24 | 000,000,000 | ---D | M]
 WinBioDatabase -> c:\windows\sysnative\WinBioDatabase -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 WinBioPlugIns -> c:\windows\sysnative\WinBioPlugIns -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 WindowsPowerShell -> c:\windows\sysnative\WindowsPowerShell -> [2009/07/13 22:32:38 | 000,000,000 | ---D | M]
 winevt -> c:\windows\sysnative\winevt -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
 winrm -> c:\windows\sysnative\winrm -> [2009/07/13 22:37:46 | 000,000,000 | ---D | M]
 zh-CN -> c:\windows\sysnative\zh-CN -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 zh-HK -> c:\windows\sysnative\zh-HK -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
 zh-TW -> c:\windows\sysnative\zh-TW -> [2009/07/13 20:20:16 | 000,000,000 | ---D | M]
< End of report >




