Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Gen.2, svchost 100% cpu usage


  • This topic is locked This topic is locked
37 replies to this topic

#1 iori_argami

iori_argami

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 17 May 2012 - 09:13 PM

Hi All,

I'm using Windows 7 64bit. Yesterday SEP 12 start to prompt detection of Trojan.Gen.2 every now and then. Even if its after quarantine. I had check the location of the file which is located at C:\Windows\Installer\

I also found out that my svchost been hogging at my CPU for 100%. I tried to stop the process and it comes back every now and then.

Attach is my DDS log file. Please help

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by kkheng at 10:05:17 on 2012-05-18
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8047.4630 [GMT 8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system\uArcCapture.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\kkheng\Downloads\ProcessExplorer\procexp.exe
C:\Users\kkheng\Downloads\ProcessExplorer\procexp64.exe
"C:\Windows\SysWOW64\svchost.exe" -g no -t 3 -o http://tang0-hote1.com:8344/ -u inrrhvsfdzov -p etyvavpkzlntl
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\regedit.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sharepoint
uInternet Settings,ProxyServer = proxy.austinheights.edu.my:8080
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [MFP and Storage Server] "C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe" /h
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
StartupFolder: C:\Users\kkheng\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: kuaiche.com\software
Trusted Zone: microsoft.com\sftasia.one
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} - hxxps://sftasia.one.microsoft.com/SAXFileEE.cab
DPF: {BCD8A973-8E6A-4A86-ACE0-73389E9EED00} - hxxps://172.16.10.1/iClientAx.cab?pid=2A139CC421F0A8064BCB
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.100.1
TCP: Interfaces\{7545A1E8-87F3-4C2F-A32D-64D110298662} : DhcpNameServer = 192.168.0.201 192.168.0.200
TCP: Interfaces\{7BB5E654-7D27-4FC3-9983-F43C19350396} : DhcpNameServer = 192.168.0.235 192.168.0.238
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825} : DhcpNameServer = 172.16.100.1
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\14C6078616F5659405 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\3445C43524F575C414E40313 : DhcpNameServer = 172.16.31.10 172.16.31.9
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\351405D23524 : DhcpNameServer = 192.168.210.3
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\44721514355484F534146454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\472756E646E65647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\A434F584F6D656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}\A457C696573702940786F6E656 : DhcpNameServer = 203.92.128.151 203.92.128.189
TCP: Interfaces\{BA8BB4AE-DE9F-46D3-9B84-C7EEF4E1D248} : DhcpNameServer = 203.92.128.189 203.92.128.151
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO-X64: BHO_Startup - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kkheng\AppData\Roaming\Mozilla\Firefox\Profiles\u1piopx9.default\
FF - prefs.js: network.proxy.ftp - 192.168.200.189
FF - prefs.js: network.proxy.ftp_port - 9505
FF - prefs.js: network.proxy.gopher - webdefence.global.blackspider.com
FF - prefs.js: network.proxy.gopher_port - 8081
FF - prefs.js: network.proxy.http - 192.168.200.189
FF - prefs.js: network.proxy.http_port - 9505
FF - prefs.js: network.proxy.socks - 192.168.200.189
FF - prefs.js: network.proxy.socks_port - 9505
FF - prefs.js: network.proxy.ssl - 192.168.200.189
FF - prefs.js: network.proxy.ssl_port - 9505
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\kkheng\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx64.sys [2012-5-10 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120515.001\IDSviA64.sys [2012-5-16 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/20 17:33:46];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-8-25 148976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-12-20 83240]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-12-20 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-12-20 292136]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-5-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-11 297984]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-12-20 75248]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-15 137224]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-20 2250616]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 uArcCapture;ArcCapture;C:\Windows\system\uArcCapture.exe [2010-8-21 506472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-17 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys --> C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-8-20 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-16 138360]
R3 EST_BusEnum;Network USB Device Bus;C:\Windows\system32\DRIVERS\GenBus.sys --> C:\Windows\system32\DRIVERS\GenBus.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
S3 EST_Server;Network USB Device;C:\Windows\system32\DRIVERS\GenHC.sys --> C:\Windows\system32\DRIVERS\GenHC.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-4-30 11839488]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-18 01:50:26 -------- d-----w- C:\Program Files (x86)\DLLSuite
2012-05-18 01:42:43 -------- d-----w- C:\Users\kkheng\AppData\Local\SvchostViewer
2012-05-18 00:51:54 -------- d-----w- C:\Users\kkheng\AppData\Local\{7776D0DD-A832-4E93-890A-424B5AF36EB6}
2012-05-18 00:51:43 -------- d-----w- C:\Users\kkheng\AppData\Local\{7A9CB720-919F-46D5-84E5-86768D3C36E2}
2012-05-17 08:52:02 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-17 08:13:07 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-17 07:51:55 98816 ----a-w- C:\Windows\sed.exe
2012-05-17 07:51:55 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-17 07:51:55 256000 ----a-w- C:\Windows\PEV.exe
2012-05-17 07:51:55 208896 ----a-w- C:\Windows\MBR.exe
2012-05-17 07:23:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-17 07:23:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 07:23:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-05-17 07:08:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-17 07:08:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-17 07:08:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-17 07:08:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-17 07:08:39 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-17 07:08:39 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-17 07:08:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-17 06:50:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-17 06:50:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-17 06:50:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-17 06:50:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-17 06:50:21 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-17 06:50:20 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-17 06:49:48 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-17 06:49:18 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-17 06:49:18 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-17 06:49:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-17 06:49:17 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-17 06:49:17 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-17 06:23:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-17 06:23:56 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-17 02:55:16 -------- d-----w- C:\Users\kkheng\AppData\Local\{79D694FD-7489-4A99-981F-40BE80E118CE}
2012-05-17 02:55:05 -------- d-----w- C:\Users\kkheng\AppData\Local\{81A6A03C-FC73-4183-8FE1-C013262A3F8A}
2012-05-16 14:54:51 -------- d-----w- C:\Users\kkheng\AppData\Local\{EF317EA1-669A-4BC1-9FCD-4C41AEA354D0}
2012-05-16 14:53:34 -------- d-----w- C:\Users\kkheng\AppData\Local\{39B92751-A6F5-4659-8BC2-308004CA25D9}
2012-05-16 00:42:38 -------- d-----w- C:\Users\kkheng\AppData\Local\{411C10DC-9514-4E3C-8B3E-11351C668733}
2012-05-16 00:42:27 -------- d-----w- C:\Users\kkheng\AppData\Local\{3ABD2741-222B-4A8E-AD74-B0C18BA521B6}
2012-05-11 04:52:03 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-11 03:10:52 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-05-11 03:10:14 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-05-11 03:10:12 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-05-11 03:10:10 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-05-11 03:10:07 942192 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-05-11 03:07:27 -------- d-----w- C:\Program Files\Common Files\VMware
2012-05-11 01:12:22 -------- d-----w- C:\Users\kkheng\AppData\Local\{3649C64B-90A4-477F-8DDE-840463817D94}
2012-05-11 01:12:11 -------- d-----w- C:\Users\kkheng\AppData\Local\{6865E1BC-FA34-4A09-A24E-15EB82978B94}
2012-05-10 04:21:39 -------- d-----w- C:\Program Files\Microsoft Lync
2012-05-10 04:21:33 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
2012-05-10 04:21:24 -------- d-----w- C:\Program Files (x86)\OCSetup
2012-05-10 00:26:41 -------- d-----w- C:\Users\kkheng\AppData\Local\{6ED0AE65-1979-46C9-B66B-8321C5B17FCD}
2012-05-10 00:25:22 -------- d-----w- C:\Users\kkheng\AppData\Local\{4E98A095-0CD7-40CE-8A79-5C51DB386B98}
2012-05-09 07:36:59 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-05-09 07:36:55 -------- d-----w- C:\Program Files\Soluto
2012-05-09 06:38:41 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll
2012-05-09 06:38:41 58288 ----a-w- C:\Windows\System32\snacnp.dll
2012-05-09 06:38:41 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2012-05-09 06:38:40 102832 ----a-w- C:\Windows\System32\FwsVpn.dll
2012-05-09 06:34:29 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64
2012-05-09 06:34:29 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
2012-05-09 06:34:29 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F
2012-05-09 06:34:29 -------- d-----w- C:\Windows\System32\drivers\SEP
2012-05-09 00:22:50 -------- d-----w- C:\Users\kkheng\AppData\Local\{663AC54A-B3E5-41FF-8F15-0A3990AD40C0}
2012-05-09 00:21:33 -------- d-----w- C:\Users\kkheng\AppData\Local\{65BA5739-A456-4337-9B9E-1719943F5587}
2012-05-08 03:36:32 -------- d-----w- C:\Users\kkheng\AppData\Local\{E9476FD9-1381-4118-9F27-73594F191775}
2012-05-08 03:34:32 -------- d-----w- C:\Users\kkheng\AppData\Local\{EA77F88B-9F93-4803-89D7-4CE2DE85298D}
2012-05-07 14:16:40 -------- d-----w- C:\Users\kkheng\AppData\Local\{3DD3365F-A833-429C-951C-1E80DB1CF231}
2012-05-07 14:15:22 -------- d-----w- C:\Users\kkheng\AppData\Local\{A924D579-4338-49FC-B01D-63EC5B632AE7}
2012-05-07 00:59:07 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-07 00:24:55 -------- d-----w- C:\Users\kkheng\AppData\Local\{F1C49C23-7D93-4FE9-A592-145583F476AB}
2012-05-07 00:23:33 -------- d-----w- C:\Users\kkheng\AppData\Local\{87E55F4B-E1A0-4573-B93C-BA3E791FDC52}
2012-05-04 00:48:04 -------- d-----w- C:\Users\kkheng\AppData\Local\{F943733F-DA75-49B1-ADFE-AE1C8ED7E2EB}
2012-05-04 00:47:53 -------- d-----w- C:\Users\kkheng\AppData\Local\{B415F250-3694-4657-AB2C-FB1F35B40586}
2012-05-03 00:31:50 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 00:31:46 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 00:31:46 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 00:24:57 -------- d-----w- C:\Users\kkheng\AppData\Local\{7CC87186-15DE-4336-A0F4-AA75701FC845}
2012-05-03 00:24:42 -------- d-----w- C:\Users\kkheng\AppData\Local\{7DFA5253-E26D-4CFB-A2CA-653341B5ACC6}
2012-05-02 00:26:52 -------- d-----w- C:\Users\kkheng\AppData\Local\{676F860E-60DA-4ED4-A064-C7E8B2B0DCCB}
2012-05-02 00:26:35 -------- d-----w- C:\Users\kkheng\AppData\Local\{FEF7EAC3-6E5F-4D52-94D1-271E15E564AF}
2012-04-30 10:26:28 252016 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-04-30 09:22:42 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-04-30 09:22:42 48752 ----a-w- C:\Windows\System32\vnetinst.dll
2012-04-30 09:22:42 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-04-30 09:22:42 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-04-30 09:22:42 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-04-27 00:17:01 -------- d-----w- C:\Users\kkheng\AppData\Local\{87F38F85-B582-4D4A-8438-E019C73920BE}
2012-04-27 00:16:44 -------- d-----w- C:\Users\kkheng\AppData\Local\{838C31E7-86E6-43E4-8884-6B81C1095C09}
2012-04-26 00:23:54 -------- d-----w- C:\Users\kkheng\AppData\Local\{E2BF3350-2A32-4ED8-9FD2-248A86A62EC2}
2012-04-26 00:23:01 -------- d-----w- C:\Users\kkheng\AppData\Local\{CE520E3B-CD73-4726-BD1F-844A259BCEA9}
2012-04-25 00:21:27 -------- d-----w- C:\Users\kkheng\AppData\Local\{0C784942-D7A0-476A-9753-F4CF323FBFEB}
2012-04-25 00:20:09 -------- d-----w- C:\Users\kkheng\AppData\Local\{961075A7-4714-47EE-B2BD-BE18E5FB99DD}
2012-04-24 00:31:21 -------- d-----w- C:\Users\kkheng\AppData\Local\{3510AC05-B527-4D56-9B72-C5972E22C074}
2012-04-24 00:30:57 -------- d-----w- C:\Users\kkheng\AppData\Local\{D363DB7D-E4B5-417B-9138-9B47A1A5BF85}
2012-04-23 00:25:52 -------- d-----w- C:\Users\kkheng\AppData\Local\{149C0602-D5C6-4F03-AA9C-56B569423738}
2012-04-23 00:24:33 -------- d-----w- C:\Users\kkheng\AppData\Local\{65B23A57-5BEC-4A77-B602-47B61879F1BF}
2012-04-20 00:25:14 -------- d-----w- C:\Users\kkheng\AppData\Local\{ED571ACD-A501-4A49-95A2-A3CDA2A2562F}
2012-04-20 00:23:54 -------- d-----w- C:\Users\kkheng\AppData\Local\{AB688822-5DC7-4979-BA56-77908E065396}
2012-04-19 07:58:45 -------- d-----w- C:\Users\kkheng\AppData\Local\{0539EE30-6B1D-4676-A64E-84443D03407F}
2012-04-19 07:58:34 -------- d-----w- C:\Users\kkheng\AppData\Local\{9D7D7FDD-2DFF-4E01-B071-7AB87EBBA2C8}
2012-04-19 07:57:48 -------- d-----w- C:\Windows\en
2012-04-19 07:51:17 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3373bd521cd1e0101\DSETUP.dll
2012-04-19 07:51:17 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3373bd521cd1e0101\DXSETUP.exe
2012-04-19 07:51:17 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3373bd521cd1e0101\dsetup32.dll
2012-04-19 07:51:17 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\33c031971cd1e0102\MeshBetaRemover.exe
.
==================== Find3M ====================
.
2012-05-10 09:29:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 09:29:43 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-10 09:29:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-09 06:38:41 287152 ----a-w- C:\Windows\System32\SymVPN.dll
2012-05-09 06:35:58 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-07 00:58:59 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-08 10:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 10:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 10:08:04.49 ===============

Edited by iori_argami, 17 May 2012 - 09:15 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 18 May 2012 - 12:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 19 May 2012 - 01:02 AM

Hi,

Here's the log

Scan result of Farbar Recovery Scan Tool Version: 16-05-2012
Ran by SYSTEM at 19-05-2012 13:57:53
Running from H:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-12-15] (Hewlett-Packard)
HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [1690680 2009-12-15] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [288312 2009-09-02] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-11] (Hewlett-Packard)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-06] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2011-04-14] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [230696 2011-08-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12023568 2011-07-20] (Microsoft Corporation)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-04-30] (VMware, Inc.)
HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-19] (Hewlett-Packard Company)
HKU\EBS\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-19] (Hewlett-Packard Company)
HKU\kkheng\...\Run: [MFP and Storage Server] "C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe" /h [1925120 2010-03-25] (???????????)
HKU\kkheng\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-22] (Apple Inc.)
HKU\kkheng\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-23] (Apple Inc.)
HKU\kkheng\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
HKU\kkheng\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 CcmExec; C:\Windows\SysWOW64\CCM\CcmExec.exe [764768 2009-09-17] (Microsoft Corporation)
2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-08-23] ()
2 CyberLink PowerDVD 11.0 Monitor Service; "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" [75048 2011-08-25] (CyberLink)
2 CyberLink PowerDVD 11.0 Service; "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe" [292136 2011-08-25] (CyberLink)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2010-09-02] (Macrovision Europe Ltd.)
2 HP Power Assistant Service; "C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe" [102968 2009-12-15] (Hewlett-Packard)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2009-12-15] (Hewlett-Packard)
2 HPDayStarterService; "C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe" [90112 2010-05-09] (Hewlett-Packard Company)
2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2011-05-13] (Hewlett-Packard Company)
2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-09-22] (Nero AG)
2 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-06] (Cisco Systems, Inc.)
3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe /service [246624 2009-09-17] (Microsoft Corporation)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-01-19] (TeamViewer GmbH)
2 uArcCapture; C:\Windows\system\uArcCapture.exe [506472 2009-12-03] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-03] (Intel Corporation)
2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" [79872 2012-04-30] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
3 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-05-10] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
4 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe" /prefetch:1 [x]
4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company)
3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-03] (ArcSoft, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-13] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-13] (Symantec Corporation)
3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-05] ( )
3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-05] ( )
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-09] (Apple Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
2 ntk_PowerDVD; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-08-23] (Cyberlink Corp.)
2 pnarp; C:\Windows\System32\Drivers\pnarp.sys [33328 2009-07-06] (Cisco Systems, Inc.)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2010-08-15] (June Fabrics Technology Inc.)
3 prepdrvr; \??\C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-17] (Microsoft Corporation)
2 purendis; C:\Windows\System32\Drivers\purendis.sys [35376 2009-07-06] (Cisco Systems, Inc.)
3 RDPDISPM; C:\Windows\System32\Drivers\RDPDISPM.sys [10752 2010-08-30] (Microsoft Corporation)
2 vstor2-mntapi10-shared; C:\Windows\SysWow64\Drivers\vstor2-mntapi10-shared.sys [33392 2011-07-07] (VMware, Inc.)
2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-08-24] (CyberLink Corp.)
4 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx64.sys [x]
3 catchme; \??\C:\Combo-Fix\catchme.sys [x]
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
4 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120515.001\IDSvia64.sys [x]
4 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120515.017\ENG64.SYS [x]
4 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120515.017\EX64.SYS [x]
4 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [x]
4 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [x]
4 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
4 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-19 13:57 - 2012-05-19 13:58 - 0000000 ____D C:\FRST
2012-05-18 21:49 - 2012-05-18 21:49 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4CBE677A-73C3-4302-8830-E33579073420}
2012-05-18 21:47 - 2012-05-18 21:49 - 0000000 ____D C:\Users\kkheng\AppData\Local\{58063710-6591-473F-88C8-2756FBA02384}
2012-05-17 22:42 - 2012-05-17 22:43 - 0000497 ____A C:\Users\kkheng\Desktop\vmoprcmd.txt
2012-05-17 22:41 - 2012-05-17 22:42 - 0009642 ____A C:\Users\kkheng\Desktop\tpconfig.txt
2012-05-17 22:37 - 2012-05-17 22:38 - 1392549 ____A C:\Users\kkheng\Downloads\FRST64.exe
2012-05-17 20:39 - 2012-05-17 20:39 - 0000442 ____A C:\Windows\PFRO.log
2012-05-17 20:34 - 2012-05-17 20:48 - 0000000 ____D C:\Program Files (x86)\Trojan Remover
2012-05-17 20:34 - 2012-05-17 20:34 - 0000000 ____D C:\Users\kkheng\Documents\Simply Super Software
2012-05-17 20:07 - 2012-05-17 20:26 - 327302352 ____A (Kaspersky Lab) C:\Users\kkheng\Downloads\kes8.1.0.831_wksfswin_en.exe
2012-05-17 20:05 - 2012-05-17 20:05 - 0002586 ____N C:\Users\kkheng\Desktop\16C1228B.key
2012-05-17 19:54 - 2012-05-17 20:40 - 0000112 ____A C:\Windows\setupact.log
2012-05-17 19:54 - 2012-05-17 19:54 - 0000000 ____A C:\Windows\setuperr.log
2012-05-17 18:10 - 2012-05-17 18:10 - 0041404 ____A C:\Users\kkheng\Desktop\DDS.txt
2012-05-17 18:09 - 2012-05-17 18:09 - 0023134 ____A C:\Users\kkheng\Desktop\Attach.txt
2012-05-17 18:04 - 2012-05-17 18:04 - 0607260 ____R (Swearware) C:\Users\kkheng\Downloads\dds.scr
2012-05-17 17:50 - 2012-05-17 17:50 - 0000000 ____D C:\Program Files (x86)\DLLSuite
2012-05-17 17:42 - 2012-05-17 17:42 - 0000000 ____D C:\Users\kkheng\AppData\Local\SvchostViewer
2012-05-17 17:41 - 2012-05-17 17:42 - 0040538 ____A C:\Users\kkheng\Downloads\Svchost Viewer Ver 0.5.0.1.zip
2012-05-17 16:51 - 2012-05-17 16:52 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7776D0DD-A832-4E93-890A-424B5AF36EB6}
2012-05-17 16:51 - 2012-05-17 16:51 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7A9CB720-919F-46D5-84E5-86768D3C36E2}
2012-05-17 07:31 - 2012-05-17 20:49 - 0000000 ____D C:\Users\kkheng\Downloads\ProcessExplorer
2012-05-17 07:31 - 2012-05-17 07:31 - 1857786 ____A C:\Users\kkheng\Downloads\ProcessExplorer.zip
2012-05-17 00:52 - 2012-05-17 00:52 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-17 00:34 - 2012-05-17 00:35 - 0388608 ____A (Trend Micro Inc.) C:\Users\kkheng\Downloads\HijackThis.exe
2012-05-17 00:13 - 2012-05-17 00:13 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-17 00:08 - 2012-05-17 00:08 - 0023690 ____A C:\ComboFix1.txt
2012-05-16 23:51 - 2012-05-17 00:08 - 0000000 ____D C:\Qoobox
2012-05-16 23:51 - 2012-05-17 00:06 - 0000000 ____D C:\Windows\ERDNT
2012-05-16 23:51 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-16 23:51 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-16 23:51 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-16 23:51 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-16 23:51 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-16 23:51 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-16 23:51 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-16 23:51 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-16 23:23 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-16 23:23 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-16 23:23 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-16 23:23 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-16 23:22 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-16 23:22 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-16 23:22 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-16 23:22 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-16 23:22 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-16 23:22 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-16 23:22 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-16 23:22 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-16 23:22 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-16 23:22 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-16 23:22 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 23:22 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-16 23:22 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-16 23:22 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-16 23:22 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-16 23:22 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-16 23:22 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-16 23:22 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-16 23:22 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-16 23:22 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-16 23:22 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-16 23:22 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 23:08 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-16 23:08 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-16 23:08 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-16 23:08 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-16 23:08 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-16 23:08 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-16 23:08 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-16 22:51 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-16 22:51 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-16 22:51 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-16 22:51 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-16 22:51 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-16 22:51 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-16 22:51 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-05-16 22:51 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-05-16 22:51 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-05-16 22:51 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-05-16 22:51 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-05-16 22:51 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-05-16 22:51 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-05-16 22:51 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-16 22:51 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-16 22:51 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-05-16 22:51 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-05-16 22:51 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-05-16 22:51 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-05-16 22:51 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-05-16 22:51 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-05-16 22:51 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-05-16 22:51 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-05-16 22:51 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-05-16 22:51 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-05-16 22:51 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-16 22:51 - 2011-11-04 21:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-05-16 22:51 - 2011-11-04 20:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-05-16 22:51 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-16 22:51 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-16 22:51 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-05-16 22:51 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-16 22:50 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-16 22:50 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-16 22:50 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-16 22:50 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-05-16 22:50 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-05-16 22:50 - 2011-10-25 21:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-05-16 22:49 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-16 22:47 - 2012-05-16 22:47 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Malwarebytes
2012-05-16 22:47 - 2012-05-16 22:47 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-16 22:47 - 2012-05-16 22:47 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-16 22:47 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-16 22:47 - 2012-02-16 22:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-05-16 22:47 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-16 22:47 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-05-16 22:47 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-16 22:47 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-05-16 22:47 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-16 22:47 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-16 22:47 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-05-16 22:47 - 2011-10-14 22:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-05-16 22:47 - 2011-10-14 21:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-05-16 22:23 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-05-16 22:23 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-05-16 19:29 - 2012-05-16 19:29 - 0000000 ____A C:\Users\kkheng\AppData\Roaming\pkWyq.txt
2012-05-16 18:55 - 2012-05-16 18:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{81A6A03C-FC73-4183-8FE1-C013262A3F8A}
2012-05-16 18:55 - 2012-05-16 18:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{79D694FD-7489-4A99-981F-40BE80E118CE}
2012-05-16 06:54 - 2012-05-16 06:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{EF317EA1-669A-4BC1-9FCD-4C41AEA354D0}
2012-05-16 06:53 - 2012-05-16 06:54 - 0000000 ____D C:\Users\kkheng\AppData\Local\{39B92751-A6F5-4659-8BC2-308004CA25D9}
2012-05-15 16:42 - 2012-05-15 16:42 - 0000000 ____D C:\Users\kkheng\AppData\Local\{411C10DC-9514-4E3C-8B3E-11351C668733}
2012-05-15 16:42 - 2012-05-15 16:42 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3ABD2741-222B-4A8E-AD74-B0C18BA521B6}
2012-05-10 19:10 - 2012-04-30 04:42 - 0942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-05-10 19:10 - 2012-04-30 04:42 - 0433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-05-10 19:10 - 2012-04-30 04:42 - 0354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-05-10 19:10 - 2012-04-30 04:42 - 0063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-05-10 19:10 - 2012-04-30 04:40 - 0030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-05-10 19:09 - 2012-05-10 19:09 - 0002135 ____A C:\Users\Public\Desktop\VMware Workstation.lnk
2012-05-10 19:08 - 2012-05-10 19:08 - 0000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-05-10 19:07 - 2012-05-10 19:07 - 0000000 ____D C:\Program Files\Common Files\VMware
2012-05-10 18:22 - 2012-05-10 18:30 - 491232944 ____A (VMware, Inc.) C:\Users\kkheng\Downloads\VMware-workstation-full-8.0.3-703057.exe
2012-05-10 17:12 - 2012-05-10 17:12 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6865E1BC-FA34-4A09-A24E-15EB82978B94}
2012-05-10 17:12 - 2012-05-10 17:12 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3649C64B-90A4-477F-8DDE-840463817D94}
2012-05-09 20:21 - 2012-05-10 01:35 - 0000000 ____D C:\Program Files\Microsoft Lync
2012-05-09 20:21 - 2012-05-10 01:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Lync
2012-05-09 20:21 - 2012-05-09 20:21 - 0000000 ____D C:\Program Files (x86)\OCSetup
2012-05-09 19:38 - 2012-05-09 19:38 - 1381496 ____A C:\Users\kkheng\Downloads\437559_intl_x64_zip.exe
2012-05-09 16:26 - 2012-05-09 16:27 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6ED0AE65-1979-46C9-B66B-8321C5B17FCD}
2012-05-09 16:25 - 2012-05-09 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4E98A095-0CD7-40CE-8A79-5C51DB386B98}
2012-05-08 23:53 - 2012-05-09 00:23 - 691925676 ____A C:\Users\kkheng\Downloads\ME Infiltrator-v1.0.3-aenea.ipa
2012-05-08 23:36 - 2012-05-17 20:13 - 0000000 ____D C:\Program Files\Soluto
2012-05-08 22:38 - 2012-05-08 22:38 - 0102832 ____A (Symantec Corporation) C:\Windows\System32\FwsVpn.dll
2012-05-08 22:38 - 2012-05-08 22:38 - 0058288 ____A (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2012-05-08 22:38 - 2012-05-08 22:38 - 0058288 ____A (Symantec Corporation) C:\Windows\System32\snacnp.dll
2012-05-08 22:38 - 2012-05-08 22:38 - 0042632 ____A (Symantec Corporation) C:\Windows\System32\Drivers\WGX64.SYS
2012-05-08 22:34 - 2012-05-08 22:34 - 0000000 ____D C:\Windows\System32\Drivers\SEP
2012-05-08 16:22 - 2012-05-08 16:23 - 0000000 ____D C:\Users\kkheng\AppData\Local\{663AC54A-B3E5-41FF-8F15-0A3990AD40C0}
2012-05-08 16:21 - 2012-05-08 16:22 - 0000000 ____D C:\Users\kkheng\AppData\Local\{65BA5739-A456-4337-9B9E-1719943F5587}
2012-05-07 19:36 - 2012-05-07 19:36 - 0000000 ____D C:\Users\kkheng\AppData\Local\{E9476FD9-1381-4118-9F27-73594F191775}
2012-05-07 19:34 - 2012-05-07 19:36 - 0000000 ____D C:\Users\kkheng\AppData\Local\{EA77F88B-9F93-4803-89D7-4CE2DE85298D}
2012-05-07 06:16 - 2012-05-07 06:16 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3DD3365F-A833-429C-951C-1E80DB1CF231}
2012-05-07 06:15 - 2012-05-07 06:16 - 0000000 ____D C:\Users\kkheng\AppData\Local\{A924D579-4338-49FC-B01D-63EC5B632AE7}
2012-05-06 16:59 - 2012-05-06 16:59 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-06 16:59 - 2012-05-06 16:59 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-06 16:59 - 2012-05-06 16:59 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-06 16:59 - 2012-05-06 16:58 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-06 16:58 - 2012-05-06 16:58 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-06 16:24 - 2012-05-06 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F1C49C23-7D93-4FE9-A592-145583F476AB}
2012-05-06 16:23 - 2012-05-06 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{87E55F4B-E1A0-4573-B93C-BA3E791FDC52}
2012-05-03 16:48 - 2012-05-03 16:48 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F943733F-DA75-49B1-ADFE-AE1C8ED7E2EB}
2012-05-03 16:47 - 2012-05-03 16:48 - 0000000 ____D C:\Users\kkheng\AppData\Local\{B415F250-3694-4657-AB2C-FB1F35B40586}
2012-05-03 01:28 - 2012-05-03 01:28 - 0000000 ____D C:\Users\kkheng\Downloads\Profwiz3
2012-05-03 01:27 - 2012-05-03 01:27 - 0309357 ____A C:\Users\kkheng\Downloads\Profwiz3.zip
2012-05-02 18:21 - 2012-05-02 18:29 - 57393504 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\SQLEXPR.EXE
2012-05-02 16:31 - 2012-05-02 16:31 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-02 16:31 - 2012-05-02 16:31 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-02 16:31 - 2012-05-02 16:31 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 16:24 - 2012-05-02 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7CC87186-15DE-4336-A0F4-AA75701FC845}
2012-05-02 16:24 - 2012-05-02 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7DFA5253-E26D-4CFB-A2CA-653341B5ACC6}
2012-05-01 19:43 - 2012-05-01 19:45 - 12337752 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\rktools.exe
2012-05-01 16:26 - 2012-05-01 16:27 - 0000000 ____D C:\Users\kkheng\AppData\Local\{676F860E-60DA-4ED4-A064-C7E8B2B0DCCB}
2012-05-01 16:26 - 2012-05-01 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{FEF7EAC3-6E5F-4D52-94D1-271E15E564AF}
2012-04-30 02:26 - 2012-04-30 02:26 - 0252016 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-04-30 01:22 - 2012-04-30 01:22 - 0062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-04-30 01:22 - 2012-04-30 01:22 - 0048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-04-30 01:22 - 2012-04-30 01:22 - 0045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-04-30 01:22 - 2012-04-30 01:22 - 0024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-04-30 01:22 - 2012-04-30 01:22 - 0020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-04-26 16:17 - 2012-04-26 16:17 - 0000000 ____D C:\Users\kkheng\AppData\Local\{87F38F85-B582-4D4A-8438-E019C73920BE}
2012-04-26 16:16 - 2012-04-26 16:16 - 0000000 ____D C:\Users\kkheng\AppData\Local\{838C31E7-86E6-43E4-8884-6B81C1095C09}
2012-04-26 01:49 - 2012-04-26 01:49 - 0267424 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\netdiag_setup.exe
2012-04-26 01:49 - 2012-04-26 01:49 - 0191640 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\dcdiag_setup.exe
2012-04-25 19:23 - 2012-04-25 19:23 - 0066226 ____A C:\Users\kkheng\Downloads\BE2011_submit_830823015063.pdf
2012-04-25 19:23 - 2012-04-25 19:23 - 0041313 ____A C:\Users\kkheng\Downloads\slip_830823015063.pdf
2012-04-25 16:23 - 2012-04-25 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{E2BF3350-2A32-4ED8-9FD2-248A86A62EC2}
2012-04-25 16:23 - 2012-04-25 16:23 - 0000000 ____D C:\Users\kkheng\AppData\Local\{CE520E3B-CD73-4726-BD1F-844A259BCEA9}
2012-04-24 16:21 - 2012-04-24 16:21 - 0000000 ____D C:\Users\kkheng\AppData\Local\{0C784942-D7A0-476A-9753-F4CF323FBFEB}
2012-04-24 16:20 - 2012-04-24 16:21 - 0000000 ____D C:\Users\kkheng\AppData\Local\{961075A7-4714-47EE-B2BD-BE18E5FB99DD}
2012-04-23 16:31 - 2012-04-23 16:31 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3510AC05-B527-4D56-9B72-C5972E22C074}
2012-04-23 16:30 - 2012-04-23 16:31 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D363DB7D-E4B5-417B-9138-9B47A1A5BF85}
2012-04-22 16:25 - 2012-04-22 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{149C0602-D5C6-4F03-AA9C-56B569423738}
2012-04-22 16:24 - 2012-04-22 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{65B23A57-5BEC-4A77-B602-47B61879F1BF}
2012-04-19 19:54 - 2012-04-19 19:55 - 1250960 ____A () C:\Users\kkheng\Downloads\ipscan-win64-3.0-beta6.exe
2012-04-19 16:25 - 2012-04-19 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{ED571ACD-A501-4A49-95A2-A3CDA2A2562F}
2012-04-19 16:23 - 2012-04-19 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{AB688822-5DC7-4979-BA56-77908E065396}

============ 3 Months Modified Files and Folders =============

2012-05-19 13:58 - 2012-05-19 13:57 - 0000000 ____D C:\FRST
2012-05-18 21:55 - 2010-11-21 18:54 - 0000000 ____D C:\Users\kkheng\Documents\Outlook Files
2012-05-18 21:55 - 2009-07-13 20:45 - 0015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-18 21:55 - 2009-07-13 20:45 - 0015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-18 21:54 - 2010-08-19 23:27 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-05-18 21:49 - 2012-05-18 21:49 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4CBE677A-73C3-4302-8830-E33579073420}
2012-05-18 21:49 - 2012-05-18 21:47 - 0000000 ____D C:\Users\kkheng\AppData\Local\{58063710-6591-473F-88C8-2756FBA02384}
2012-05-18 21:49 - 2010-10-18 21:35 - 0000000 ____D C:\Users\kkheng\AppData\Local\Windows Live
2012-05-18 21:47 - 2012-01-17 19:10 - 0000000 ____D C:\Users\kkheng\AppData\Local\A566A12E-E7AD-48AC-ABBE-30761605863E.aplzod
2012-05-18 21:47 - 2010-08-16 00:00 - 1376589 ____A C:\Windows\WindowsUpdate.log
2012-05-18 00:11 - 2010-08-21 00:43 - 0750870 ____A C:\Windows\System32\perfh00A.dat
2012-05-18 00:11 - 2010-08-21 00:43 - 0160264 ____A C:\Windows\System32\perfc00A.dat
2012-05-18 00:11 - 2010-08-21 00:34 - 0702310 ____A C:\Windows\System32\perfh007.dat
2012-05-18 00:11 - 2010-08-21 00:34 - 0150722 ____A C:\Windows\System32\perfc007.dat
2012-05-18 00:11 - 2010-08-21 00:25 - 0423352 ____A C:\Windows\System32\perfh011.dat
2012-05-18 00:11 - 2010-08-21 00:25 - 0124134 ____A C:\Windows\System32\perfc011.dat
2012-05-18 00:11 - 2010-08-20 23:38 - 0040764 ____A C:\Windows\System32\prfh0404.dat
2012-05-18 00:11 - 2010-08-20 23:38 - 0024658 ____A C:\Windows\System32\prfc0404.dat
2012-05-18 00:11 - 2010-08-20 23:28 - 0039632 ____A C:\Windows\System32\prfh0804.dat
2012-05-18 00:11 - 2010-08-20 23:28 - 0024658 ____A C:\Windows\System32\prfc0804.dat
2012-05-18 00:11 - 2010-08-20 20:51 - 0514868 ____A C:\Windows\System32\perfh006.dat
2012-05-18 00:11 - 2010-08-20 20:51 - 0434946 ____A C:\Windows\System32\perfh012.dat
2012-05-18 00:11 - 2010-08-20 20:51 - 0122422 ____A C:\Windows\System32\perfc012.dat
2012-05-18 00:11 - 2010-08-20 20:51 - 0100412 ____A C:\Windows\System32\perfc006.dat
2012-05-18 00:11 - 2010-08-20 20:51 - 0064850 ____A C:\Windows\System32\perfh01F.dat
2012-05-18 00:11 - 2010-08-20 20:51 - 0027710 ____A C:\Windows\System32\perfc01F.dat
2012-05-18 00:11 - 2010-08-20 08:34 - 0068762 ____A C:\Windows\System32\prfh0816.dat
2012-05-18 00:11 - 2010-08-20 08:34 - 0028334 ____A C:\Windows\System32\prfc0816.dat
2012-05-18 00:11 - 2010-08-20 08:25 - 0071668 ____A C:\Windows\System32\perfh013.dat
2012-05-18 00:11 - 2010-08-20 08:25 - 0029340 ____A C:\Windows\System32\perfc013.dat
2012-05-18 00:11 - 2010-08-20 08:15 - 0745562 ____A C:\Windows\System32\perfh010.dat
2012-05-18 00:11 - 2010-08-20 08:15 - 0148728 ____A C:\Windows\System32\perfc010.dat
2012-05-18 00:11 - 2009-07-13 21:13 - 5456836 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-17 22:43 - 2012-05-17 22:42 - 0000497 ____A C:\Users\kkheng\Desktop\vmoprcmd.txt
2012-05-17 22:42 - 2012-05-17 22:41 - 0009642 ____A C:\Users\kkheng\Desktop\tpconfig.txt
2012-05-17 22:38 - 2012-05-17 22:37 - 1392549 ____A C:\Users\kkheng\Downloads\FRST64.exe
2012-05-17 20:49 - 2012-05-17 07:31 - 0000000 ____D C:\Users\kkheng\Downloads\ProcessExplorer
2012-05-17 20:48 - 2012-05-17 20:34 - 0000000 ____D C:\Program Files (x86)\Trojan Remover
2012-05-17 20:46 - 2010-09-19 19:53 - 0000474 ____A C:\Windows\SMSCFG.ini
2012-05-17 20:42 - 2010-08-22 19:05 - 0000000 ____D C:\Users\All Users\VMware
2012-05-17 20:42 - 2010-08-22 19:05 - 0000000 ____D C:\ProgramData\VMware
2012-05-17 20:40 - 2012-05-17 19:54 - 0000112 ____A C:\Windows\setupact.log
2012-05-17 20:40 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-17 20:39 - 2012-05-17 20:39 - 0000442 ____A C:\Windows\PFRO.log
2012-05-17 20:39 - 2010-08-16 15:54 - 4143374336 __ASH C:\hiberfil.sys
2012-05-17 20:34 - 2012-05-17 20:34 - 0000000 ____D C:\Users\kkheng\Documents\Simply Super Software
2012-05-17 20:26 - 2012-05-17 20:07 - 327302352 ____A (Kaspersky Lab) C:\Users\kkheng\Downloads\kes8.1.0.831_wksfswin_en.exe
2012-05-17 20:13 - 2012-05-08 23:36 - 0000000 ____D C:\Program Files\Soluto
2012-05-17 20:13 - 2011-04-26 20:38 - 0000000 ____D C:\Users\All Users\Soluto
2012-05-17 20:13 - 2011-04-26 20:38 - 0000000 ____D C:\ProgramData\Soluto
2012-05-17 20:05 - 2012-05-17 20:05 - 0002586 ____N C:\Users\kkheng\Desktop\16C1228B.key
2012-05-17 19:54 - 2012-05-17 19:54 - 0000000 ____A C:\Windows\setuperr.log
2012-05-17 18:10 - 2012-05-17 18:10 - 0041404 ____A C:\Users\kkheng\Desktop\DDS.txt
2012-05-17 18:09 - 2012-05-17 18:09 - 0023134 ____A C:\Users\kkheng\Desktop\Attach.txt
2012-05-17 18:04 - 2012-05-17 18:04 - 0607260 ____R (Swearware) C:\Users\kkheng\Downloads\dds.scr
2012-05-17 17:50 - 2012-05-17 17:50 - 0000000 ____D C:\Program Files (x86)\DLLSuite
2012-05-17 17:42 - 2012-05-17 17:42 - 0000000 ____D C:\Users\kkheng\AppData\Local\SvchostViewer
2012-05-17 17:42 - 2012-05-17 17:41 - 0040538 ____A C:\Users\kkheng\Downloads\Svchost Viewer Ver 0.5.0.1.zip
2012-05-17 17:22 - 2010-09-28 08:08 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Media Player Classic
2012-05-17 16:52 - 2012-05-17 16:51 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7776D0DD-A832-4E93-890A-424B5AF36EB6}
2012-05-17 16:51 - 2012-05-17 16:51 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7A9CB720-919F-46D5-84E5-86768D3C36E2}
2012-05-17 07:31 - 2012-05-17 07:31 - 1857786 ____A C:\Users\kkheng\Downloads\ProcessExplorer.zip
2012-05-17 00:52 - 2012-05-17 00:52 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-17 00:44 - 2012-02-27 05:08 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Skype
2012-05-17 00:35 - 2012-05-17 00:34 - 0388608 ____A (Trend Micro Inc.) C:\Users\kkheng\Downloads\HijackThis.exe
2012-05-17 00:13 - 2012-05-17 00:13 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-17 00:08 - 2012-05-17 00:08 - 0023690 ____A C:\ComboFix1.txt
2012-05-17 00:08 - 2012-05-16 23:51 - 0000000 ____D C:\Qoobox
2012-05-17 00:08 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-05-17 00:06 - 2012-05-16 23:51 - 0000000 ____D C:\Windows\ERDNT
2012-05-17 00:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-17 00:05 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-17 00:04 - 2011-04-05 00:07 - 0000000 ____D C:\users\TEMP.ALPHAMATIC
2012-05-17 00:04 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-16 23:44 - 2010-08-19 22:02 - 0000174 ___SH C:\Users\kkheng\Start Menu\Programs\Startup\desktop.ini
2012-05-16 23:44 - 2010-08-19 22:02 - 0000174 ___SH C:\Users\kkheng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-05-16 23:41 - 2010-08-18 22:59 - 0000136 ____A C:\Windows\System32\config\netlogon.ftl
2012-05-16 23:41 - 2009-07-13 20:45 - 2356752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-16 23:40 - 2010-08-19 23:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-05-16 23:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-05-16 23:36 - 2009-07-13 23:24 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-16 23:35 - 2010-08-16 00:11 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-16 23:35 - 2010-08-16 00:11 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-16 23:29 - 2010-08-22 17:41 - 0000039 ____A C:\Windows\vbaddin.ini
2012-05-16 23:29 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-05-16 23:15 - 2010-09-19 19:54 - 5400718 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-16 23:04 - 2010-08-20 06:41 - 0000000 ____D C:\Users\kkheng\AppData\Local\ElevatedDiagnostics
2012-05-16 22:47 - 2012-05-16 22:47 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Malwarebytes
2012-05-16 22:47 - 2012-05-16 22:47 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-16 22:47 - 2012-05-16 22:47 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-16 22:36 - 2010-09-08 19:24 - 0000000 ____D C:\Users\kkheng\Warcraft III
2012-05-16 21:21 - 2010-08-21 09:21 - 0000000 ____D C:\Users\kkheng\Documents\My Received Files
2012-05-16 19:29 - 2012-05-16 19:29 - 0000000 ____A C:\Users\kkheng\AppData\Roaming\pkWyq.txt
2012-05-16 19:02 - 2010-08-21 09:21 - 0000000 ____D C:\Users\kkheng\Documents\Alphamatic
2012-05-16 18:55 - 2012-05-16 18:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{81A6A03C-FC73-4183-8FE1-C013262A3F8A}
2012-05-16 18:55 - 2012-05-16 18:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{79D694FD-7489-4A99-981F-40BE80E118CE}
2012-05-16 06:55 - 2012-05-16 06:54 - 0000000 ____D C:\Users\kkheng\AppData\Local\{EF317EA1-669A-4BC1-9FCD-4C41AEA354D0}
2012-05-16 06:54 - 2012-05-16 06:53 - 0000000 ____D C:\Users\kkheng\AppData\Local\{39B92751-A6F5-4659-8BC2-308004CA25D9}
2012-05-16 01:06 - 2010-08-24 17:09 - 0001986 ___AH C:\Users\kkheng\Documents\Default.rdp
2012-05-15 23:05 - 2010-08-22 19:05 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\VMware
2012-05-15 23:05 - 2010-08-22 19:04 - 0000000 ____D C:\Users\kkheng\AppData\Local\VMware
2012-05-15 22:29 - 2011-04-13 20:35 - 0000000 ____D C:\Users\kkheng\Documents\Virtual Machines
2012-05-15 16:42 - 2012-05-15 16:42 - 0000000 ____D C:\Users\kkheng\AppData\Local\{411C10DC-9514-4E3C-8B3E-11351C668733}
2012-05-15 16:42 - 2012-05-15 16:42 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3ABD2741-222B-4A8E-AD74-B0C18BA521B6}
2012-05-10 23:38 - 2010-08-19 23:24 - 0000000 ____D C:\Users\kkheng\Tracing
2012-05-10 19:09 - 2012-05-10 19:09 - 0002135 ____A C:\Users\Public\Desktop\VMware Workstation.lnk
2012-05-10 19:09 - 2010-08-22 18:57 - 0001024 ____A C:\.rnd
2012-05-10 19:08 - 2012-05-10 19:08 - 0000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-05-10 19:08 - 2010-08-22 18:55 - 0000000 ____D C:\Program Files (x86)\VMware
2012-05-10 19:07 - 2012-05-10 19:07 - 0000000 ____D C:\Program Files\Common Files\VMware
2012-05-10 18:30 - 2012-05-10 18:22 - 491232944 ____A (VMware, Inc.) C:\Users\kkheng\Downloads\VMware-workstation-full-8.0.3-703057.exe
2012-05-10 17:12 - 2012-05-10 17:12 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6865E1BC-FA34-4A09-A24E-15EB82978B94}
2012-05-10 17:12 - 2012-05-10 17:12 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3649C64B-90A4-477F-8DDE-840463817D94}
2012-05-10 01:35 - 2012-05-09 20:21 - 0000000 ____D C:\Program Files\Microsoft Lync
2012-05-10 01:35 - 2012-05-09 20:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Lync
2012-05-10 01:29 - 2012-04-04 18:29 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-10 01:29 - 2012-04-04 18:00 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-10 01:29 - 2011-05-13 07:09 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-10 01:17 - 2010-08-19 22:02 - 0000000 ____D C:\users\kkheng
2012-05-09 20:21 - 2012-05-09 20:21 - 0000000 ____D C:\Program Files (x86)\OCSetup
2012-05-09 19:38 - 2012-05-09 19:38 - 1381496 ____A C:\Users\kkheng\Downloads\437559_intl_x64_zip.exe
2012-05-09 16:27 - 2012-05-09 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6ED0AE65-1979-46C9-B66B-8321C5B17FCD}
2012-05-09 16:26 - 2012-05-09 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4E98A095-0CD7-40CE-8A79-5C51DB386B98}
2012-05-09 00:23 - 2012-05-08 23:53 - 691925676 ____A C:\Users\kkheng\Downloads\ME Infiltrator-v1.0.3-aenea.ipa
2012-05-08 23:35 - 2010-08-19 23:27 - 0000000 ____D C:\Users\All Users\Symantec
2012-05-08 23:35 - 2010-08-19 23:27 - 0000000 ____D C:\ProgramData\Symantec
2012-05-08 23:35 - 2010-08-19 23:27 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-05-08 22:38 - 2012-05-08 22:38 - 0102832 ____A (Symantec Corporation) C:\Windows\System32\FwsVpn.dll
2012-05-08 22:38 - 2012-05-08 22:38 - 0058288 ____A (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2012-05-08 22:38 - 2012-05-08 22:38 - 0058288 ____A (Symantec Corporation) C:\Windows\System32\snacnp.dll
2012-05-08 22:38 - 2012-05-08 22:38 - 0042632 ____A (Symantec Corporation) C:\Windows\System32\Drivers\WGX64.SYS
2012-05-08 22:38 - 2009-09-17 02:36 - 0287152 ____A (Symantec Corporation) C:\Windows\System32\SymVPN.dll
2012-05-08 22:34 - 2012-05-08 22:34 - 0000000 ____D C:\Windows\System32\Drivers\SEP
2012-05-08 16:23 - 2012-05-08 16:22 - 0000000 ____D C:\Users\kkheng\AppData\Local\{663AC54A-B3E5-41FF-8F15-0A3990AD40C0}
2012-05-08 16:22 - 2012-05-08 16:21 - 0000000 ____D C:\Users\kkheng\AppData\Local\{65BA5739-A456-4337-9B9E-1719943F5587}
2012-05-07 19:36 - 2012-05-07 19:36 - 0000000 ____D C:\Users\kkheng\AppData\Local\{E9476FD9-1381-4118-9F27-73594F191775}
2012-05-07 19:36 - 2012-05-07 19:34 - 0000000 ____D C:\Users\kkheng\AppData\Local\{EA77F88B-9F93-4803-89D7-4CE2DE85298D}
2012-05-07 06:16 - 2012-05-07 06:16 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3DD3365F-A833-429C-951C-1E80DB1CF231}
2012-05-07 06:16 - 2012-05-07 06:15 - 0000000 ____D C:\Users\kkheng\AppData\Local\{A924D579-4338-49FC-B01D-63EC5B632AE7}
2012-05-06 16:59 - 2012-05-06 16:59 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-06 16:59 - 2012-05-06 16:59 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-06 16:59 - 2012-05-06 16:59 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-06 16:58 - 2012-05-06 16:59 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-06 16:58 - 2012-05-06 16:58 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-06 16:58 - 2011-06-07 05:56 - 0472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-06 16:25 - 2012-05-06 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F1C49C23-7D93-4FE9-A592-145583F476AB}
2012-05-06 16:24 - 2012-05-06 16:23 - 0000000 ____D C:\Users\kkheng\AppData\Local\{87E55F4B-E1A0-4573-B93C-BA3E791FDC52}
2012-05-03 16:48 - 2012-05-03 16:48 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F943733F-DA75-49B1-ADFE-AE1C8ED7E2EB}
2012-05-03 16:48 - 2012-05-03 16:47 - 0000000 ____D C:\Users\kkheng\AppData\Local\{B415F250-3694-4657-AB2C-FB1F35B40586}
2012-05-03 16:31 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-05-03 01:28 - 2012-05-03 01:28 - 0000000 ____D C:\Users\kkheng\Downloads\Profwiz3
2012-05-03 01:27 - 2012-05-03 01:27 - 0309357 ____A C:\Users\kkheng\Downloads\Profwiz3.zip
2012-05-02 18:29 - 2012-05-02 18:21 - 57393504 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\SQLEXPR.EXE
2012-05-02 16:31 - 2012-05-02 16:31 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-02 16:31 - 2012-05-02 16:31 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-02 16:31 - 2012-05-02 16:31 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 16:31 - 2010-08-22 18:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-02 16:25 - 2012-05-02 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7CC87186-15DE-4336-A0F4-AA75701FC845}
2012-05-02 16:24 - 2012-05-02 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7DFA5253-E26D-4CFB-A2CA-653341B5ACC6}
2012-05-01 19:45 - 2012-05-01 19:43 - 12337752 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\rktools.exe
2012-05-01 16:27 - 2012-05-01 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{676F860E-60DA-4ED4-A064-C7E8B2B0DCCB}
2012-05-01 16:26 - 2012-05-01 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{FEF7EAC3-6E5F-4D52-94D1-271E15E564AF}
2012-04-30 04:42 - 2012-05-10 19:10 - 0942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-04-30 04:42 - 2012-05-10 19:10 - 0433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-04-30 04:42 - 2012-05-10 19:10 - 0354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-04-30 04:42 - 2012-05-10 19:10 - 0063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-04-30 04:40 - 2012-05-10 19:10 - 0030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-04-30 02:26 - 2012-04-30 02:26 - 0252016 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-04-30 01:22 - 2012-04-30 01:22 - 0062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-04-30 01:22 - 2012-04-30 01:22 - 0048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-04-30 01:22 - 2012-04-30 01:22 - 0045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-04-30 01:22 - 2012-04-30 01:22 - 0024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-04-30 01:22 - 2012-04-30 01:22 - 0020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-04-26 22:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-26 22:46 - 2010-10-27 18:14 - 0000000 ____D C:\Users\kkheng\Downloads\OCS 2007 R2 Patch
2012-04-26 16:17 - 2012-04-26 16:17 - 0000000 ____D C:\Users\kkheng\AppData\Local\{87F38F85-B582-4D4A-8438-E019C73920BE}
2012-04-26 16:16 - 2012-04-26 16:16 - 0000000 ____D C:\Users\kkheng\AppData\Local\{838C31E7-86E6-43E4-8884-6B81C1095C09}
2012-04-26 04:03 - 2010-08-16 19:22 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-26 01:49 - 2012-04-26 01:49 - 0267424 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\netdiag_setup.exe
2012-04-26 01:49 - 2012-04-26 01:49 - 0191640 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\dcdiag_setup.exe
2012-04-25 19:23 - 2012-04-25 19:23 - 0066226 ____A C:\Users\kkheng\Downloads\BE2011_submit_830823015063.pdf
2012-04-25 19:23 - 2012-04-25 19:23 - 0041313 ____A C:\Users\kkheng\Downloads\slip_830823015063.pdf
2012-04-25 16:24 - 2012-04-25 16:23 - 0000000 ____D C:\Users\kkheng\AppData\Local\{E2BF3350-2A32-4ED8-9FD2-248A86A62EC2}
2012-04-25 16:23 - 2012-04-25 16:23 - 0000000 ____D C:\Users\kkheng\AppData\Local\{CE520E3B-CD73-4726-BD1F-844A259BCEA9}
2012-04-24 16:21 - 2012-04-24 16:21 - 0000000 ____D C:\Users\kkheng\AppData\Local\{0C784942-D7A0-476A-9753-F4CF323FBFEB}
2012-04-24 16:21 - 2012-04-24 16:20 - 0000000 ____D C:\Users\kkheng\AppData\Local\{961075A7-4714-47EE-B2BD-BE18E5FB99DD}
2012-04-23 19:40 - 2010-08-23 05:50 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Apple Computer
2012-04-23 19:40 - 2010-08-23 05:50 - 0000000 ____D C:\Users\kkheng\AppData\Local\Apple Computer
2012-04-23 16:31 - 2012-04-23 16:31 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3510AC05-B527-4D56-9B72-C5972E22C074}
2012-04-23 16:31 - 2012-04-23 16:30 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D363DB7D-E4B5-417B-9138-9B47A1A5BF85}
2012-04-22 16:26 - 2012-04-22 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{149C0602-D5C6-4F03-AA9C-56B569423738}
2012-04-22 16:25 - 2012-04-22 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{65B23A57-5BEC-4A77-B602-47B61879F1BF}
2012-04-19 19:55 - 2012-04-19 19:54 - 1250960 ____A () C:\Users\kkheng\Downloads\ipscan-win64-3.0-beta6.exe
2012-04-19 19:55 - 2010-08-19 22:02 - 0000000 ____D C:\Users\kkheng\AppData\Local\VirtualStore
2012-04-19 16:25 - 2012-04-19 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{ED571ACD-A501-4A49-95A2-A3CDA2A2562F}
2012-04-19 16:25 - 2012-04-19 16:23 - 0000000 ____D C:\Users\kkheng\AppData\Local\{AB688822-5DC7-4979-BA56-77908E065396}
2012-04-18 23:58 - 2012-04-18 23:58 - 0000000 ____D C:\Users\kkheng\AppData\Local\{9D7D7FDD-2DFF-4E01-B071-7AB87EBBA2C8}
2012-04-18 23:58 - 2012-04-18 23:58 - 0000000 ____D C:\Users\kkheng\AppData\Local\{0539EE30-6B1D-4676-A64E-84443D03407F}
2012-04-18 23:57 - 2012-04-18 23:57 - 0000000 ____D C:\Windows\en
2012-04-18 23:55 - 2010-08-19 23:19 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-16 18:42 - 2012-04-16 18:42 - 4325656 ____A (Microsoft Corporation) C:\Users\kkheng\Downloads\admtsetup32.exe
2012-04-16 18:13 - 2012-04-16 18:13 - 0074939 ____A C:\Users\kkheng\Downloads\KeysExport.xml
2012-04-16 17:17 - 2012-04-16 17:17 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6C1D53F0-8A36-4E6D-B116-00FE24A92655}
2012-04-16 17:17 - 2012-04-16 17:16 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3EE1F5C9-8368-4696-86CC-9D5C82317E92}
2012-04-12 16:29 - 2012-04-12 16:28 - 0000000 ____D C:\Users\kkheng\AppData\Local\{BF99F353-CA7F-4A50-A832-EDDC2CAFFEF3}
2012-04-11 19:08 - 2012-04-11 19:08 - 7717376 ____A C:\Users\kkheng\Downloads\POWIIS-new network setup-Diagram-010611-v2.4.vsd
2012-04-11 16:29 - 2012-04-11 16:29 - 0000000 ____D C:\Users\kkheng\AppData\Local\{84FAB175-6FDE-4C57-9E98-FBB4E5A768D0}
2012-04-09 17:01 - 2012-04-09 17:00 - 0000000 ____D C:\Users\kkheng\AppData\Local\{79D1486E-1637-4F78-B001-684E01F7555B}
2012-04-09 04:10 - 2012-04-09 03:53 - 0000000 ____D C:\Users\kkheng\AppData\Local\MediaGet2
2012-04-08 16:24 - 2012-04-08 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{EC239C22-FEC6-438D-BD38-9087DFFACE89}
2012-04-07 18:15 - 2012-04-07 18:15 - 0000000 ____D C:\Users\kkheng\AppData\Local\{46DBDAC7-630A-4700-ABCB-51C403682252}
2012-04-05 16:23 - 2012-04-05 16:22 - 0000000 ____D C:\Users\kkheng\AppData\Local\{ECB3E279-B16F-4D4A-A7C5-C4B2AF88F501}
2012-04-05 01:20 - 2012-04-05 01:18 - 0000000 ____D C:\Users\kkheng\Downloads\ifunbox_en
2012-04-04 20:33 - 2012-04-04 20:33 - 0122875 ____A C:\Users\kkheng\Downloads\Groupon-762569311A.pdf
2012-04-04 20:01 - 2012-04-04 20:03 - 0085464 ____A C:\Users\kkheng\Documents\0405-Project Report-2012.xlsx
2012-04-04 18:30 - 2010-08-21 09:21 - 0000000 ___SD C:\Users\kkheng\Documents\My Shapes
2012-04-04 16:27 - 2012-04-04 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{1BBB4856-0D48-4A05-85E6-4AA0CEAE34F1}
2012-04-03 16:26 - 2012-04-03 16:26 - 0000000 ____D C:\Users\kkheng\AppData\Local\{ED75EB1C-61A9-426B-9E08-CDE2D7A0DC4C}
2012-04-02 17:21 - 2011-09-04 23:24 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\redsn0w
2012-04-02 16:19 - 2012-04-02 16:19 - 0000000 ____D C:\Users\kkheng\AppData\Local\{0116FCE4-D084-4664-872B-A8EB59B550C4}
2012-04-01 16:28 - 2012-04-01 16:28 - 0000000 ____D C:\Users\kkheng\AppData\Local\{AC9629E6-B2BB-464E-9E31-88F22DB02E7F}
2012-03-30 22:05 - 2012-05-16 22:51 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-16 22:51 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-16 22:51 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-16 22:51 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-16 22:47 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 16:24 - 2012-03-29 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6FF20310-A00B-4FED-AD6D-B1BA4406926C}
2012-03-28 22:57 - 2012-03-28 22:57 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Unity
2012-03-28 22:49 - 2012-03-28 22:49 - 0000000 ____D C:\Users\kkheng\AppData\Local\Unity
2012-03-28 22:49 - 2010-08-19 22:02 - 0000000 ____D C:\Users\kkheng\AppData\LocalLow
2012-03-28 17:27 - 2012-03-27 19:46 - 0013869 ____A C:\Users\kkheng\Documents\28 March 2012.docx
2012-03-28 16:30 - 2012-03-28 16:30 - 0000000 ____D C:\Users\kkheng\AppData\Local\{BECC49F3-DED5-46AD-968C-4DFE3C3FFC75}
2012-03-27 17:18 - 2012-03-27 17:09 - 2027536 ____A C:\Users\kkheng\Desktop\IMG_0310.JPG
2012-03-27 17:18 - 2012-03-27 17:09 - 2013428 ____A C:\Users\kkheng\Desktop\IMG_0309.JPG
2012-03-27 17:18 - 2012-03-27 17:09 - 1935775 ____A C:\Users\kkheng\Desktop\IMG_0308.JPG
2012-03-27 17:11 - 2012-03-27 17:10 - 0000000 ____D C:\Users\kkheng\AppData\Local\{11C04B1F-C35C-4098-A9F8-37457EC7B0B1}
2012-03-27 17:10 - 2012-03-27 17:10 - 0000000 ____D C:\Users\kkheng\AppData\Local\{E2CDDA26-C9B6-48C5-A795-C42A479A113B}
2012-03-27 05:29 - 2012-03-27 05:28 - 1174914 ____A C:\Users\kkheng\Downloads\Nikon1 Price List 20.12.2011.pdf
2012-03-27 05:29 - 2012-03-27 05:28 - 0633089 ____A C:\Users\kkheng\Downloads\Nikon Pricelist_2011_12_20.pdf
2012-03-27 05:28 - 2012-03-27 05:28 - 0111980 ____A C:\Users\kkheng\Downloads\NIKON CAMERA-NEW[1].pdf
2012-03-26 18:46 - 2012-03-26 18:46 - 0000000 ____D C:\Users\kkheng\AppData\Local\{06A99892-B33A-4D33-BF40-C54F564A5F0A}
2012-03-26 18:46 - 2012-03-26 18:45 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F359827A-1ED7-4A3F-9BBE-EA57CF26E1CC}
2012-03-25 19:18 - 2011-05-11 19:45 - 0000534 ____A C:\Users\kkheng\Documents\License Key.txt
2012-03-25 16:38 - 2012-03-25 16:38 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6A55F98D-3B4B-4A12-A908-5828614B1D20}
2012-03-25 16:38 - 2012-03-25 16:37 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D3F3A526-548D-4557-B5F8-551260F14824}
2012-03-23 23:03 - 2012-03-23 23:03 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3CE3992D-2460-432B-87EC-1CA50EACB57B}
2012-03-23 23:02 - 2012-03-23 23:02 - 0000000 ____D C:\Users\kkheng\AppData\Local\{20B14599-F5B6-4CB5-B3E2-C948763C1946}
2012-03-21 16:50 - 2012-03-21 16:49 - 0000000 ____D C:\Users\kkheng\AppData\Local\{8D102A8B-EF79-48CF-9C91-5D66331B82C9}
2012-03-21 16:49 - 2012-03-21 16:49 - 0000000 ____D C:\Users\kkheng\AppData\Local\{CDA20E76-A483-466E-A116-E0633F517D23}
2012-03-20 22:38 - 2012-03-20 21:38 - 0074979 ____A C:\Users\kkheng\Documents\SAN 1 & SAN 2 on 100mbps switch.csv
2012-03-20 21:22 - 2012-03-20 19:22 - 0150088 ____A C:\Users\kkheng\Documents\SAN 2 on 100mbps switch.csv
2012-03-20 19:23 - 2012-02-27 19:27 - 0000000 ____D C:\Users\kkheng\.storage_system
2012-03-20 16:57 - 2012-03-20 16:57 - 0000000 ____D C:\Users\kkheng\AppData\Local\{C04E5F31-49BF-46A6-BBA4-2E0E26C67C28}
2012-03-20 16:57 - 2012-03-20 16:57 - 0000000 ____D C:\Users\kkheng\AppData\Local\{5839941E-BA6A-4F02-8766-E8F182E50690}
2012-03-20 04:57 - 2012-03-20 04:57 - 0000000 ____D C:\Users\kkheng\AppData\Local\{CF20918F-F32B-40C0-BD66-1AD9ACF9C2C3}
2012-03-19 16:57 - 2012-03-19 16:57 - 0000000 ____D C:\Users\kkheng\AppData\Local\{CAFC0B02-FA90-4D07-8837-41E85C565BC6}
2012-03-19 16:57 - 2012-03-19 16:57 - 0000000 ____D C:\Users\kkheng\AppData\Local\{96BBC0C9-5C46-45CB-B6C4-8647433AE43D}
2012-03-18 19:18 - 2012-03-18 19:18 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3146B46D-9C4A-4A38-8674-4180F89F12E1}
2012-03-16 23:58 - 2012-05-16 22:49 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 19:07 - 2012-03-15 19:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6C1260A9-02E4-4761-9A65-04ADEABFC914}
2012-03-15 19:07 - 2012-03-15 19:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4917DC5F-449A-4CEE-927F-9F781FE2B0CB}
2012-03-15 07:07 - 2012-03-15 07:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D71B8BBD-0153-41BC-9EC7-074C4EB893FC}
2012-03-15 07:07 - 2012-03-15 07:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{8260FD21-7B48-4FFE-988F-FEFC263F43BF}
2012-03-15 01:55 - 2012-03-15 01:55 - 0219664 ____A C:\Users\kkheng\Downloads\Alpha Lens Price List wef 1 March 2012.xlsx
2012-03-15 01:48 - 2012-03-15 01:48 - 0163377 ____A C:\Users\kkheng\Downloads\March 2012_Sales Mechanism.pdf
2012-03-14 19:07 - 2012-03-14 19:06 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D0A92817-5484-41A3-B116-FD3C6977AD8E}
2012-03-14 19:06 - 2012-03-14 19:06 - 0000000 ____D C:\Users\kkheng\AppData\Local\{BDF295F3-9854-4164-B529-E12F1022D6AE}
2012-03-14 07:06 - 2012-03-14 07:06 - 0000000 ____D C:\Users\kkheng\AppData\Local\{BE24A960-C34A-47B4-B8C9-5C1439BAE7E2}
2012-03-14 07:06 - 2012-03-14 07:06 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4A65EB39-8D91-4995-99F8-4FE8A09954F4}
2012-03-13 19:05 - 2012-03-13 19:05 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F9B41295-042F-458A-B756-28449F2636F1}
2012-03-13 19:05 - 2012-03-13 19:05 - 0000000 ____D C:\Users\kkheng\AppData\Local\{B8C20D68-1CB0-48AE-85A7-DC29C0E9CF1F}
2012-03-13 19:04 - 2011-04-26 20:47 - 0011372 ____A C:\Windows\System32\.rsp
2012-03-13 19:04 - 2011-04-26 20:47 - 0001479 ____A C:\Windows\System32\.lck
2012-03-13 18:46 - 2012-03-13 18:46 - 0000000 ____D C:\Users\kkheng\AppData\Local\{1493076E-032D-41BE-9B5B-533757EF755C}
2012-03-12 16:29 - 2012-03-12 16:29 - 0000000 ____D C:\Users\kkheng\AppData\Local\{2E62B058-CBBB-495E-AE86-92E55BF34A08}
2012-03-12 16:29 - 2012-03-12 16:28 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D2FA9253-DAAB-41F8-8D39-523942AAB9FD}
2012-03-11 16:25 - 2012-03-11 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{9B35EEA3-2677-4295-97CE-198CB49B84CE}
2012-03-11 16:24 - 2012-03-11 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{D39FDA27-4EA1-412E-8105-8D78AC785D1F}
2012-03-08 18:50 - 2012-03-08 18:49 - 4959152 ____A (TeamViewer GmbH) C:\Users\kkheng\Downloads\TeamViewer_Setup.exe
2012-03-08 17:05 - 2012-03-08 17:05 - 0000000 ____D C:\Users\kkheng\AppData\Local\{BBD9A877-1114-40D8-9F53-DB73B17C9D54}
2012-03-08 17:05 - 2012-03-08 17:05 - 0000000 ____D C:\Users\kkheng\AppData\Local\{594C093A-7C97-4FD5-B777-6A154F415B46}
2012-03-08 04:55 - 2012-03-08 04:54 - 0000000 ____D C:\Users\kkheng\AppData\Local\{43089188-444E-475D-8F64-D9D6CA09CD15}
2012-03-08 04:54 - 2012-03-08 04:54 - 0000000 ____D C:\Users\kkheng\AppData\Local\{23577FE6-F91D-4DC8-9136-91CFF72AF334}
2012-03-08 02:50 - 2012-03-08 02:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 02:37 - 2012-03-08 02:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-07 18:53 - 2012-02-27 05:08 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-07 16:55 - 2012-03-07 16:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{07D65785-E004-4548-9A32-1DC56902F7E9}
2012-03-06 22:26 - 2012-03-06 22:26 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-06 22:25 - 2012-03-06 22:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{33AEC78F-A6CC-43FD-B4F3-9CAACB4F9B8E}
2012-03-06 22:25 - 2012-03-06 22:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{A9822EC9-17F6-447B-93AC-31F6069BA556}
2012-03-06 16:55 - 2012-03-06 16:55 - 0000000 ____D C:\Users\kkheng\AppData\Local\{127A8F19-1CCE-4787-A4B2-3B52232F0BE7}
2012-03-05 18:54 - 2012-03-05 18:54 - 0000000 ____D C:\Users\kkheng\AppData\Local\{52B31A78-808E-42F2-A125-552D5F4D4828}
2012-03-05 18:54 - 2012-03-05 18:54 - 0000000 ____D C:\Users\kkheng\AppData\Local\{2A43B54A-7F75-4BAF-9980-849475EBE9F9}
2012-03-05 17:43 - 2012-03-05 17:28 - 0651099 ____A C:\Users\kkheng\Desktop\New Microsoft Word Document.docx
2012-03-05 06:53 - 2012-03-05 06:53 - 0000000 ____D C:\Users\kkheng\AppData\Local\{A39F5F0E-6B65-4476-A976-0181C474130F}
2012-03-05 06:53 - 2012-03-05 06:53 - 0000000 ____D C:\Users\kkheng\AppData\Local\{0CF17293-0F17-4E70-A2DF-29776B1EF943}
2012-03-04 23:45 - 2012-03-04 23:45 - 0272213 ____A C:\Users\kkheng\Downloads\Price announcement of S6300, S4300, S3300, L26,L25.pdf
2012-03-04 23:44 - 2012-03-04 23:44 - 0016169 ____A C:\Users\kkheng\Downloads\DI Price List_2012 FEB.xlsx
2012-03-04 18:53 - 2012-03-04 18:53 - 0000000 ____D C:\Users\kkheng\AppData\Local\{A0880D73-8F73-446F-9BF5-B561F18A8755}
2012-03-02 22:35 - 2012-05-16 22:51 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-16 22:51 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-01 17:36 - 2012-03-01 17:36 - 0000000 ____D C:\Users\kkheng\AppData\Local\{4F468578-4861-4D8E-8C36-6B62C3C77A6E}
2012-03-01 17:36 - 2012-03-01 17:36 - 0000000 ____D C:\Users\kkheng\AppData\Local\{43C6A1CC-9EF4-4DA1-8BD3-481875715614}
2012-03-01 05:08 - 2012-03-01 05:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{6C651BC7-0A08-4D4F-86EF-28BD9A64672C}
2012-03-01 05:07 - 2012-03-01 05:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{35CBDA9A-A4F0-4530-A321-588706DE538C}
2012-02-29 22:46 - 2012-05-16 23:08 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-05-16 23:08 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-05-16 23:08 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-05-16 23:08 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-05-16 23:08 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-05-16 23:08 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-05-16 23:08 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 17:07 - 2012-02-29 17:07 - 0000000 ____D C:\Users\kkheng\AppData\Local\{14701C60-4571-4D50-AB7B-C031CA2A9C99}
2012-02-29 17:07 - 2012-02-29 17:06 - 0000000 ____D C:\Users\kkheng\AppData\Local\{7A911EE2-6A7F-442B-B2D6-9D3FFF05B4A5}
2012-02-28 17:35 - 2012-02-28 17:35 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F0188D14-31BB-4923-8609-2A70CCE12A6E}
2012-02-28 17:35 - 2012-02-28 01:41 - 0000000 ____D C:\Users\kkheng\AppData\Local\{F4F8AC89-B92D-4804-B1DA-395048785DC0}
2012-02-28 00:42 - 2011-04-19 18:49 - 0000000 ____D C:\Users\kkheng\Desktop\Exchange
2012-02-27 23:34 - 2012-05-16 23:22 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-05-16 23:22 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-05-16 23:22 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-05-16 23:22 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-05-16 23:22 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-05-16 23:22 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-05-16 23:22 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-05-16 23:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-05-16 23:22 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-05-16 23:23 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:43 - 2012-05-16 23:22 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:42 - 2012-05-16 23:23 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-05-16 23:22 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 19:27 - 2012-02-27 19:27 - 0000000 ____D C:\Users\kkheng\.hp
2012-02-27 19:27 - 2012-02-27 19:26 - 0000000 ___HD C:\Program Files (x86)\Zero G Registry
2012-02-27 19:26 - 2012-02-27 19:26 - 0000000 ____D C:\Program Files (x86)\HP
2012-02-27 19:25 - 2012-02-27 19:25 - 0000000 ___HD C:\Users\kkheng\InstallAnywhere
2012-02-27 17:52 - 2012-05-16 23:22 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-05-16 23:22 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-05-16 23:22 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:13 - 2010-08-20 07:39 - 0000000 ____D C:\Users\kkheng\AppData\Roaming\Nero
2012-02-27 17:12 - 2012-05-16 23:22 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-05-16 23:22 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-05-16 23:22 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-05-16 23:22 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-05-16 23:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-05-16 23:22 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-05-16 23:22 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-05-16 23:23 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-05-16 23:23 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-05-16 23:22 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 05:08 - 2012-02-27 05:08 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-02-27 05:08 - 2012-02-27 05:08 - 0000000 ____D C:\Users\All Users\Skype
2012-02-27 05:08 - 2012-02-27 05:08 - 0000000 ____D C:\ProgramData\Skype
2012-02-27 04:31 - 2012-02-27 04:31 - 0000000 ____D C:\Users\kkheng\AppData\Local\{5B9DAEC3-17BA-4697-9473-CC02941F161E}
2012-02-27 04:31 - 2012-02-27 04:31 - 0000000 ____D C:\Users\kkheng\AppData\Local\{3C0783B6-17A4-4CC7-9FD4-E725490EFDA0}
2012-02-25 22:09 - 2012-02-25 22:09 - 0000000 ____D C:\Users\kkheng\AppData\Local\{8AC421B2-1227-4ED0-B9E1-500664A1A246}
2012-02-25 07:19 - 2012-02-25 07:19 - 0000000 ____D C:\Program Files (x86)\SnadBoy's Revelation v2
2012-02-25 06:45 - 2012-02-25 06:45 - 0000000 ____D C:\Users\kkheng\AppData\Local\{5E1E18F1-5D44-4E79-AD58-BFCD8F4939E5}
2012-02-25 06:45 - 2012-02-25 06:44 - 0000000 ____D C:\Users\kkheng\AppData\Local\{2963FD45-F544-49DE-903D-969BD276C6C3}
2012-02-23 16:35 - 2012-02-23 16:35 - 0000000 ____D C:\Users\kkheng\AppData\Local\{05DC91B9-087B-4E5F-9240-74391BCF5F62}
2012-02-23 16:35 - 2012-02-23 16:34 - 0000000 ____D C:\Users\kkheng\AppData\Local\{17EDA1A1-3987-45C1-8696-5361EB5CAFA7}
2012-02-23 14:33 - 2012-03-04 07:17 - 932250019 ____A C:\Users\kkheng\Desktop\[无极电影-www.wujidy.com].伦敦大道.[中英双字.1024分辨率].rmvb
2012-02-22 16:12 - 2012-02-22 16:12 - 0000000 ____D C:\Users\kkheng\AppData\Local\{ED3EBCE3-A31F-437C-A50B-3A9CEA09CD2B}
2012-02-22 16:12 - 2012-02-22 16:12 - 0000000 ____D C:\Users\kkheng\AppData\Local\{9E7EE345-14F9-4CD7-A5D0-90E8C47D15DA}
2012-02-21 19:05 - 2012-02-21 19:05 - 0246272 ____A C:\Users\kkheng\Desktop\schedule.mpp
2012-02-21 16:25 - 2012-02-21 16:25 - 0000000 ____D C:\Users\kkheng\AppData\Local\{C3B80111-FA8E-425D-A130-D6BCE1171ECF}
2012-02-21 16:25 - 2012-02-21 16:24 - 0000000 ____D C:\Users\kkheng\AppData\Local\{62D05936-6BA3-4C01-BA30-82D85D538351}
2012-02-20 17:44 - 2012-02-20 17:44 - 0001090 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-02-20 17:43 - 2010-08-20 06:26 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-02-20 16:39 - 2012-02-20 16:38 - 0000000 ____D C:\Users\kkheng\AppData\Local\{9DA4ACEB-90EE-4BC9-BB1C-11A61AC87432}
2012-02-20 16:38 - 2012-02-20 16:38 - 0000000 ____D C:\Users\kkheng\AppData\Local\{BAD47A34-880B-4D79-94AD-28C5276BA133}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8047.43 MB
Available physical RAM: 7202.82 MB
Total Pagefile: 8045.58 MB
Available Pagefile: 7191.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:293.2 GB) (Free:120.06 GB) NTFS
2 Drive d: (Page File) (Fixed) (Total:2.01 GB) (Free:0.02 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:0.03 GB) FAT32
5 Drive h: (New Volume) (Removable) (Total:7.51 GB) (Free:7.45 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: () (Fixed) (Total:0.88 GB) (Free:0.83 GB) FAT32 ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 7700 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 900 MB 1024 KB
Partition 2 Primary 293 GB 901 MB
Partition 3 Primary 2048 MB 294 GB
Partition 0 Extended 2057 MB 296 GB
Partition 4 Logical 2056 MB 296 GB

======================================================================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y FAT32 Partition 900 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 293 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HP_TOOLS FAT32 Partition 2048 MB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Page File NTFS Partition 2056 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7694 MB 5132 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H New Volume NTFS Removable 7694 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-09 22:07

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 19 May 2012 - 01:13 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 19 May 2012 - 03:51 AM

Hi,

I'm unable to run combofix in normal windows mode (trying for few times and still same result). Attach combofix log is obtain by running combofix in safe mode

ComboFix 12-05-19.01 - kkheng 05/19/2012 16:12:39.2.4 - x64 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8047.7170 [GMT 8:00]
Running from: c:\users\kkheng\Downloads\Combo-Fix.exe
AV: Kaspersky Endpoint Security 8 for Windows *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Endpoint Security 8 for Windows *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Endpoint Security 8 for Windows *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 21:57 . 2012-05-19 21:58 -------- d-----w- C:\FRST
2012-05-19 08:25 . 2012-05-19 08:25 -------- d-----w- c:\users\TEMP.ALPHAMATIC\AppData\Local\temp
2012-05-19 08:25 . 2012-05-19 08:25 -------- d-----w- c:\users\EBS\AppData\Local\temp
2012-05-19 08:25 . 2012-05-19 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 08:25 . 2012-05-19 08:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-19 06:08 . 2012-05-19 08:00 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-19 06:08 . 2012-05-19 06:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-05-19 06:05 . 2012-05-19 06:05 -------- d-----w- C:\kes 8.1
2012-05-18 04:34 . 2012-05-18 04:48 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-05-18 01:50 . 2012-05-18 01:50 -------- d-----w- c:\program files (x86)\DLLSuite
2012-05-18 01:42 . 2012-05-18 01:42 -------- d-----w- c:\users\kkheng\AppData\Local\SvchostViewer
2012-05-17 07:23 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-17 07:23 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-05-17 07:23 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-17 07:08 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-17 07:08 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-17 07:08 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-17 07:08 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-17 07:08 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-17 07:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-17 07:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-17 06:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-17 06:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-17 06:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-17 06:50 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-17 06:50 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-17 06:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-17 06:49 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-17 06:49 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-17 06:49 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-17 06:49 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-17 06:49 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-17 06:49 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-17 06:23 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-17 06:23 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-11 04:52 . 2012-05-11 04:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-11 03:10 . 2012-04-30 12:42 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-05-11 03:10 . 2012-04-30 12:42 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-05-11 03:10 . 2012-04-30 12:42 433264 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-05-11 03:10 . 2012-04-30 12:40 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-05-11 03:10 . 2012-04-30 12:42 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2012-05-11 03:07 . 2012-05-11 03:07 -------- d-----w- c:\program files\Common Files\VMware
2012-05-10 04:21 . 2012-05-10 09:35 -------- d-----w- c:\program files\Microsoft Lync
2012-05-10 04:21 . 2012-05-10 09:35 -------- d-----w- c:\program files (x86)\Microsoft Lync
2012-05-10 04:21 . 2012-05-10 04:21 -------- d-----w- c:\program files (x86)\OCSetup
2012-05-09 07:36 . 2012-05-18 04:13 -------- d-----w- c:\program files\Soluto
2012-05-09 06:38 . 2012-05-09 06:38 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-05-09 06:38 . 2012-05-09 06:38 102832 ----a-w- c:\windows\system32\FwsVpn.dll
2012-05-07 00:59 . 2012-05-07 00:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-07 00:59 . 2012-05-07 00:58 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-07 00:58 . 2012-05-07 00:58 -------- d-----w- c:\program files (x86)\Java
2012-05-03 00:31 . 2012-05-03 00:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-03 00:31 . 2012-05-03 00:31 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 00:31 . 2012-05-03 00:31 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-30 10:26 . 2012-04-30 10:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-04-30 09:22 . 2012-04-30 09:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-04-30 09:22 . 2012-04-30 09:22 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-04-30 09:22 . 2012-04-30 09:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 09:22 . 2012-04-30 09:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-04-30 09:22 . 2012-04-30 09:22 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 09:29 . 2012-04-05 02:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 09:29 . 2011-05-13 15:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 09:29 . 2012-04-05 02:29 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-09 06:38 . 2009-09-17 10:36 287152 ----a-w- c:\windows\system32\SymVPN.dll
2012-05-07 00:58 . 2011-06-07 13:56 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-17 03:16 . 2012-04-17 03:16 235408 ----a-w- c:\windows\system32\klogon.dll
2012-04-03 09:44 . 2012-04-03 09:44 58672 ----a-w- c:\windows\system32\drivers\klfltdev.sys
2012-03-08 10:50 . 2012-03-08 10:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 10:37 . 2012-03-08 10:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-05-17_08.05.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-17 06:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-19 08:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-17 06:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 08:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 06:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 08:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-17 01:58 . 2012-05-19 07:31 72624 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-19 08:01 40126 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 06:03 . 2012-05-19 08:01 27362 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-758114258-3968903629-661088288-1849_UserData.bin
- 2010-08-20 16:34 . 2012-05-17 07:25 68762 c:\windows\system32\prfh0816.dat
+ 2010-08-20 16:34 . 2012-05-19 08:08 68762 c:\windows\system32\prfh0816.dat
- 2010-08-21 07:28 . 2012-05-17 07:25 39632 c:\windows\system32\prfh0804.dat
+ 2010-08-21 07:28 . 2012-05-19 08:08 39632 c:\windows\system32\prfh0804.dat
+ 2010-08-21 07:38 . 2012-05-19 08:08 40764 c:\windows\system32\prfh0404.dat
- 2010-08-21 07:38 . 2012-05-17 07:25 40764 c:\windows\system32\prfh0404.dat
- 2010-08-20 16:34 . 2012-05-17 07:25 28334 c:\windows\system32\prfc0816.dat
+ 2010-08-20 16:34 . 2012-05-19 08:08 28334 c:\windows\system32\prfc0816.dat
- 2010-08-21 07:28 . 2012-05-17 07:25 24658 c:\windows\system32\prfc0804.dat
+ 2010-08-21 07:28 . 2012-05-19 08:08 24658 c:\windows\system32\prfc0804.dat
- 2010-08-21 07:38 . 2012-05-17 07:25 24658 c:\windows\system32\prfc0404.dat
+ 2010-08-21 07:38 . 2012-05-19 08:08 24658 c:\windows\system32\prfc0404.dat
+ 2010-08-21 04:51 . 2012-05-19 08:08 64850 c:\windows\system32\perfh01F.dat
- 2010-08-21 04:51 . 2012-05-17 07:25 64850 c:\windows\system32\perfh01F.dat
- 2010-08-20 16:25 . 2012-05-17 07:25 71668 c:\windows\system32\perfh013.dat
+ 2010-08-20 16:25 . 2012-05-19 08:08 71668 c:\windows\system32\perfh013.dat
- 2010-08-21 04:51 . 2012-05-17 07:25 27710 c:\windows\system32\perfc01F.dat
+ 2010-08-21 04:51 . 2012-05-19 08:08 27710 c:\windows\system32\perfc01F.dat
+ 2010-08-20 16:25 . 2012-05-19 08:08 29340 c:\windows\system32\perfc013.dat
- 2010-08-20 16:25 . 2012-05-17 07:25 29340 c:\windows\system32\perfc013.dat
- 2009-07-14 05:30 . 2012-05-11 03:10 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-05-19 06:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-09-01 08:28 . 2011-09-01 08:28 32048 c:\windows\system32\DriverStore\FileRepository\klim6.inf_amd64_neutral_9d055e61f644e550\klim6.sys
+ 2011-09-01 08:28 . 2011-09-01 08:28 32048 c:\windows\system32\drivers\klim6.sys
+ 2011-08-18 10:12 . 2011-08-18 10:12 13616 c:\windows\system32\drivers\kl2.sys
- 2010-08-16 23:58 . 2012-05-17 07:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-16 23:58 . 2012-05-18 04:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-16 23:58 . 2012-05-17 07:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-16 23:58 . 2012-05-18 04:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-18 04:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 07:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-18 05:11 . 2012-05-18 05:11 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 70656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\d1fd7c6fa53fa174d2136462c2dadfd6\System.Xaml.Hosting.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 26112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Routing\df33d56dcdde38c15a777ebc79836fc5\System.Web.Routing.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\f264bdbcf8421a26d71e12f148933537\System.Web.DynamicData.Design.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 26112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Abstract#\4f6bef518b1bb0ae5d892588eccdcf25\System.Web.Abstractions.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 13824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\a8258e28b61cad85c49c97273a2aae55\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 47616 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\c74328b7d9f2b5cf7f74cd4b55041ee7\Microsoft.Workflow.Compiler.ni.exe
+ 2012-05-18 01:07 . 2012-05-18 01:07 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\ae1aa0da6c3f69ae100effa75c1e2316\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\3f51f3b0ffc904203234c8b32f98c31f\Microsoft.Office.Tools.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe
+ 2012-05-18 01:05 . 2012-05-18 01:05 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\4185d95173b2ad3cd57c5a8140a29784\System.Xaml.Hosting.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f3a9c6e87bfa4bab3689ec1cdb56964f\System.Windows.Presentation.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\d8f7bf8ce78d0785e68c589c1e64a6dd\System.Web.Routing.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\f3c6d85dce84a570050a2224f51cd54e\System.Web.DynamicData.Design.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9b418f37f4594806e1f4b0ed6d083a95\System.Web.ApplicationServices.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\31ec874a9482ad1a99ba24ca4a6ec914\System.Web.Abstractions.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\703ffb7a271059d40edeff9eb0e2b7e3\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\f519738a47ffedaa4c04ec6e16a6b7b1\Microsoft.Workflow.Compiler.ni.exe
+ 2012-05-18 05:07 . 2012-05-18 05:07 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\d1863e1b75c767daef24a3b149faddac\Microsoft.Office.Tools.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\31173593560b0b4db1a7b6025dabc5e5\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 89088 c:\windows\assembly\NativeImages_v2.0.50727_64\vjsvwaux\67087949a6f2a8993ed3f897ef23cd8f\vjsvwaux.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 51712 c:\windows\assembly\NativeImages_v2.0.50727_64\vjsjbc\72e89c486638b6b6749768e7b475bbfd\vjsjbc.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\vjscor\87c14a5c2304d24745b5b02b7e9ed7c5\vjscor.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7a827b959d4714667a8b7ab0d2fa844b\System.Web.DynamicData.Design.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\ee709a01b51c82626f4b2c1173f2db28\stdole.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe
+ 2012-05-17 14:33 . 2012-05-17 14:33 99328 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGUsersCenter\0475db57deb707de5f66bf80513eb85a\PCGUsersCenter.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGRSPProbe\7ab97490083b36714322d9aaf3d812ca\PCGRSPProbe.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 95232 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGHIDProbe\09fed49365f5c02803b299dc1bba648f\PCGHIDProbe.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 73216 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGEntities\8f105e9b0cdec09738fdf388662c524e\PCGEntities.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 92160 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGConfiguration\c52fa84fcf03808aeeb360a340bfce25\PCGConfiguration.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 53248 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGAzureEntityFrame#\a58962b6581b6ddffc3e9130471b5720\PCGAzureEntityFramework.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d84c14e69b88aeac74de3f6805b900e7\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 71680 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\abd9d2880ca61bf077d60419f5ec1114\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\90084df18546aa62b4341a272ea71d30\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\75909fbd25e848d0425e03df4c06a00b\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7003996ae5bd140e50c6a12a7c419910\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\397ef046a0d464801359654f6df589be\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\317ca97e8f47080ea7950654db36ece0\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\2d07593d9552f036c38c9b15b6355390\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 87040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\07f7dae1df42a6bce3126ce63ea0564e\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\da47c045fb26852f5f85c81daf7283ad\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\470be8218256dec2c8a1a503b70feab1\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe
+ 2012-05-18 00:34 . 2012-05-18 00:34 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe
+ 2012-05-17 14:28 . 2012-05-17 14:28 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\e5caecdfb99f9de3031152786ee208d9\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\9b5920700e07ea86ee788a74bd7cd1e3\VjsWfcBrowserStubLib.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 49664 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsvwaux\d39bfea36fa69e1f67269a7c60d09b4d\vjsvwaux.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslibcw\236e957b50a802cf1b6f8881f970043a\vjslibcw.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsjbc\6c037cf2482a3c874b77185f0f7bb57e\vjsjbc.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\vjscor\785b76d20900b5682d8d1961c88add9b\vjscor.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2d750978368543e975665a7eec11015b\System.Web.DynamicData.Design.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-17 08:19 . 2012-05-17 08:19 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d246780b91fd9f6393e85fb13bde94a6\stdole.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe
+ 2012-05-17 08:18 . 2012-05-17 08:18 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll
+ 2012-05-18 05:02 . 2012-05-18 05:02 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\be59506a77d76e325dbb02a4ef651eff\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a516cad7285e7506dc477e03c7468aac\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a3d7d37ccd26595b9858116ac8e78e42\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a306bdd890d9250b9cb4c03876f3b146\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-05-18 04:02 . 2012-05-18 04:02 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9e572d1a5f468ae4226d9c74a54dbf5a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 04:02 . 2012-05-18 04:02 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4d661ba2b6ac1a23427070f799fd540c\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\443eceb48c4c76162ef874395f612590\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\15fc771e1d8fc88f3a9f54e31fee7331\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-05-18 04:02 . 2012-05-18 04:02 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\11852ce9e3c8a47a9f194e2671a2597f\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\03f7e17a9422755c383ec2100e178a32\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\c8831ecadb3b99c04fdde12217e715cb\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\54c9d51df5b739db67a270b421af5fde\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\b340ffecf18f545373cc05827462d6cb\Microsoft.Office.InfoPath.Permission.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\1746deeb1c6c9609c1c59c852bf0bcbb\ipdmctrl.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe
+ 2012-05-17 14:51 . 2012-05-17 14:51 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\2ebfc41cb0193cb129521d80ec206da7\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
+ 2012-05-19 08:10 . 2012-05-19 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 07:49 . 2012-05-17 07:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-19 08:10 . 2012-05-19 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-17 07:49 . 2012-05-17 07:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-18 05:10 . 2012-05-18 05:10 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
+ 2010-08-17 01:05 . 2012-05-19 05:47 286378 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-08-21 04:51 . 2012-05-19 08:08 434946 c:\windows\system32\perfh012.dat
- 2010-08-21 04:51 . 2012-05-17 07:25 434946 c:\windows\system32\perfh012.dat
+ 2010-08-21 08:25 . 2012-05-19 08:08 423352 c:\windows\system32\perfh011.dat
- 2010-08-21 08:25 . 2012-05-17 07:25 423352 c:\windows\system32\perfh011.dat
+ 2010-08-20 16:15 . 2012-05-19 08:08 745562 c:\windows\system32\perfh010.dat
- 2010-08-20 16:15 . 2012-05-17 07:25 745562 c:\windows\system32\perfh010.dat
- 2010-08-21 08:43 . 2012-05-17 07:25 750870 c:\windows\system32\perfh00A.dat
+ 2010-08-21 08:43 . 2012-05-19 08:08 750870 c:\windows\system32\perfh00A.dat
+ 2009-07-14 02:36 . 2012-05-19 08:08 667918 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-17 07:25 667918 c:\windows\system32\perfh009.dat
- 2010-08-21 08:34 . 2012-05-17 07:25 702310 c:\windows\system32\perfh007.dat
+ 2010-08-21 08:34 . 2012-05-19 08:08 702310 c:\windows\system32\perfh007.dat
- 2010-08-21 04:51 . 2012-05-17 07:25 514868 c:\windows\system32\perfh006.dat
+ 2010-08-21 04:51 . 2012-05-19 08:08 514868 c:\windows\system32\perfh006.dat
+ 2010-08-21 04:51 . 2012-05-19 08:08 122422 c:\windows\system32\perfc012.dat
- 2010-08-21 04:51 . 2012-05-17 07:25 122422 c:\windows\system32\perfc012.dat
+ 2010-08-21 08:25 . 2012-05-19 08:08 124134 c:\windows\system32\perfc011.dat
- 2010-08-21 08:25 . 2012-05-17 07:25 124134 c:\windows\system32\perfc011.dat
- 2010-08-20 16:15 . 2012-05-17 07:25 148728 c:\windows\system32\perfc010.dat
+ 2010-08-20 16:15 . 2012-05-19 08:08 148728 c:\windows\system32\perfc010.dat
+ 2010-08-21 08:43 . 2012-05-19 08:08 160264 c:\windows\system32\perfc00A.dat
- 2010-08-21 08:43 . 2012-05-17 07:25 160264 c:\windows\system32\perfc00A.dat
- 2009-07-14 02:36 . 2012-05-17 07:25 124134 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-19 08:08 124134 c:\windows\system32\perfc009.dat
- 2010-08-21 08:34 . 2012-05-17 07:25 150722 c:\windows\system32\perfc007.dat
+ 2010-08-21 08:34 . 2012-05-19 08:08 150722 c:\windows\system32\perfc007.dat
+ 2010-08-21 04:51 . 2012-05-19 08:08 100412 c:\windows\system32\perfc006.dat
- 2010-08-21 04:51 . 2012-05-17 07:25 100412 c:\windows\system32\perfc006.dat
+ 2009-07-14 05:30 . 2012-05-19 06:09 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-11 03:10 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-19 06:09 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-05-11 03:10 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-05-19 06:09 . 2012-05-19 06:09 152233 c:\windows\system32\drivers\klin.dat
+ 2012-05-19 06:08 . 2012-05-19 06:08 636720 c:\windows\system32\drivers\klif.sys
+ 2012-05-19 06:09 . 2012-05-19 06:09 107177 c:\windows\system32\drivers\klick.dat
+ 2011-08-18 10:11 . 2011-08-18 10:11 464176 c:\windows\system32\drivers\kl1.sys
+ 2009-07-14 04:46 . 2012-05-19 05:50 114408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-01-17 07:11 . 2012-05-17 07:48 815288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-17 07:11 . 2012-05-18 04:39 815288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-05-19 08:09 465112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-17 07:48 465112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-19 06:18 . 2012-05-19 06:18 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2012-03-08 02:53 . 2012-03-08 02:53 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-05-18 05:11 . 2012-05-18 05:11 553984 c:\windows\assembly\NativeImages_v4.0.30319_64\XamlBuildTask\d7ba8f0a500f25cbed7daa07e8d748ec\XamlBuildTask.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 462336 c:\windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\c87183cbec623926230118ddb9c93662\WsatConfig.ni.exe
+ 2012-05-18 05:11 . 2012-05-18 05:11 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\342472450a587d22afebf6e7ecbbca5c\WindowsFormsIntegration.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\fb43d84bc59b21e8a7f3e36d616eea90\UIAutomationTypes.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\26f12a0a3baed2a227cf30aaeae03913\UIAutomationProvider.ni.dll
+ 2012-05-18 05:11 . 2012-05-18 05:11 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\1c3c298326e9ac14796516ac1da09a16\UIAutomationClient.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\307eea660f877dc40ae90882ce554757\System.Xml.Linq.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\b4afa252d0f0e27b0b5e8fcb2cc5b3a7\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\6164eab0903d48b0e13f6b402192a16f\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 314880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.RegularE#\31c9a177e71d9ded2a09252d362bab1d\System.Web.RegularExpressions.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\96723810a3013fb37533b241ddebe76b\System.Web.Entity.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\32dd58575d335d0f2468707a2f036ad6\System.Web.Entity.Design.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\253fbcec31d624a95ec427c1a693f99b\System.Web.DynamicData.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\a66e5bee331b6eeefd9636ffd9b87d1c\System.Web.DataVisualization.Design.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\8c0ee7b970cc4e8c2986c7898af71661\System.Transactions.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\f67f5d2f51eecc45b68bf86d65a1624d\System.ServiceProcess.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\eb4fb369926faaffede7aaf317fd6532\System.ServiceModel.Channels.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e5ab3c37897bb578bdbfe6b7e0558ad8\System.ServiceModel.Routing.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 587776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8f896864a26d75c339216f339a14f1a1\System.ServiceModel.Activation.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\e48b6a8c491a96d1bc601795532af605\System.Security.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\7590828d50338d512b11a4d3f87d69a2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\57f6833522c9820223bbf4a9a343f739\System.Runtime.Remoting.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 311296 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Cach#\f13c2516bc89d916d39d3746e5d668e1\System.Runtime.Caching.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\5f2bfb0585061dc256ee9587d430959f\System.Numerics.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\6996a415485a84fef2d2556b0462336f\System.Net.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\6e886c2e732ff69ae9eb1dc121b767d8\System.Messaging.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\92d266f677605e5475b7f39c063c4a9d\System.Management.Instrumentation.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\07a0e1efc063042be3e8faf62b413a12\System.IO.Log.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\7fd39b9a208214e6e5eba4e9396409f1\System.IdentityModel.Selectors.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\521f5bccf74318a4777597b0c01fda1e\System.Dynamic.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 289792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\2652a7d17f0c4b88621284efcd8a0233\System.Drawing.Design.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6a8bd7d373c988a585e90bb61c5ec8cc\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\78dd02d104bb15bc3820c06bd2876239\System.Device.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 662528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\a7528e9723fb3c77bba4ce617a9c9e03\System.Data.Services.Design.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\97d1aaf3733b107ecdbecb9d21050ff4\System.Data.DataSetExtensions.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c3d7a7ff58ff502887d8f1b77e61adbc\System.Configuration.Install.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a4f91f2dfd1656ef2e42917963f6bf50\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 871936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\b1c67ee2e0e6e78c31985069fbc82596\System.AddIn.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c69fb0f955adc7ca80cd5f2fd730edea\System.Activities.DurableInstancing.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\11fc863fa4f5092fca4f2ce25a9ac361\SMSvcHost.ni.exe
+ 2012-05-18 03:23 . 2012-05-18 03:23 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\50e8e826488639e549589ba34666933e\SMDiagnostics.ni.dll
+ 2012-05-18 03:22 . 2012-05-18 03:22 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\722c0236432dd5ccc047481d3ebbd49e\PresentationFramework.Royale.ni.dll
+ 2012-05-18 01:08 . 2012-05-18 01:08 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\6739c3715c9e38dbdfbfd57b424a3094\PresentationFramework.Aero.ni.dll
+ 2012-05-18 01:08 . 2012-05-18 01:08 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3e7359f5f0fb68565314f88f6ec2d67a\PresentationFramework.Luna.ni.dll
+ 2012-05-18 01:08 . 2012-05-18 01:08 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\263748f3d18955b9e467710da1e8546f\PresentationFramework.Classic.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 364544 c:\windows\assembly\NativeImages_v4.0.30319_64\MSBuild\d448d55698c8471a921d17e20c0ac885\MSBuild.ni.exe
+ 2012-05-18 01:07 . 2012-05-18 01:07 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\e1725f0aad2d375efdcfeea0f428df59\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 864256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\d0e50cfb6d905c6e878d604ad65e2043\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 232448 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\cbaf843286694ed089b2a911c48f29d0\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\ac6c6882341a572604fa25b32836a4c0\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\45da98c4ff3a12f7438f2b7cd10752b9\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\136e31ba5378e99c0439d13a53b6227f\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\634a00569f0fe8693873f42039aca35f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\6480551111832c83ee88bcf756a72533\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\c1993abc53fd494f69a66df1c002a25c\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 408064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8b57ac368b7d58ef401561bfd2ea4ec9\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\4733842548f5e5e369f5f4ee854b29bb\Microsoft.Office.Tools.Common.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\4021eb8bcb78d1a52c66f2bbe27b4698\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 851456 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Uti#\0e541d178a5797ec61d0b97058e6cc2e\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 353792 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Fra#\60fcea7acc6c048071451efa6d2f5fa6\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\0e81a3996f7cbff23fc01bea4185a918\CustomMarshalers.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 661504 c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\8ac8c91963eaf605a1bb1791e7d7f7e3\ComSvcConfig.ni.exe
+ 2012-05-18 05:11 . 2012-05-18 05:11 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\09f78ad9517d5d19de8498bac32fc9f8\XamlBuildTask.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\a61f64155e6b58da21013a5e4d6805c2\WsatConfig.ni.exe
+ 2012-05-18 05:11 . 2012-05-18 05:11 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c44ac264fef2a914248caa88a55d0c88\WindowsFormsIntegration.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\7a9f70fa774076a7ec19bc03e7064d0d\UIAutomationClient.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\c477bbff1e4662263255a1bf17bd9c2a\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\ed3ceb1418be2193021e5805d20f33e4\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\ea0b825a2dd1a056f6171170eb072d4a\System.Web.RegularExpressions.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\24306d65ca607c2771f8a8ec29cbb493\System.Web.Extensions.Design.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\df35e298c3d51e3d7f9c1e75516075d6\System.Web.Entity.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\18229264465a20eca56db1f4e6e2f5cc\System.Web.Entity.Design.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\482e67688c29a10f05d95ce674877bbc\System.Web.DynamicData.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\5c350d0979d8f4ac150e7b8b4abd8734\System.Web.DataVisualization.Design.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d96e221bdd83feea8740868125d7bf65\System.ServiceProcess.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 432640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f8fa8f3947b4f9b6819d121537e39050\System.ServiceModel.Activation.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 244736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\d8b4dcd719a3805ab0bce3c8cdfe8288\System.Runtime.Caching.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd25ddcfa0417d40e3f1385e30abcd6f\System.Net.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\60f64e6d09e2c943944eded90b0514ad\System.Messaging.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\08397796343d5730a29f42e61c7f6ee7\System.Management.Instrumentation.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\ff1250d2409bd16283c423650d6fd3f6\System.IO.Log.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\e60675d3ba7fa94924489dc8466ebff5\System.IdentityModel.Selectors.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e41e86da56bb60523251e0e08210a77b\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94d45f7f28d81304d7fa83bcea849141\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4c50d8a951546d6dffdc8bcb23f47a7b\System.Device.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\9242a5a839c4ae4f203c32b409dc7c42\System.Data.Services.Design.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7803f4398a527a87d5cace8023e93e8b\System.Data.DataSetExtensions.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\977c7c2badf6a9059ba8371a0f645fc8\System.Configuration.Install.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4330e93f9d0ef85f1a972e11c2ac5156\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\0c67d9fc14856eb7d8b4e405aef79960\System.AddIn.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b046f2d5f056b906d7b25b75ca23575\System.Activities.DurableInstancing.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\4847f66153121ec4ed532909f7c152be\SMSvcHost.ni.exe
+ 2012-05-18 05:07 . 2012-05-18 05:07 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\d47740fc85ad70c686adc9fc9dc6e7f5\MSBuild.ni.exe
+ 2012-05-18 05:07 . 2012-05-18 05:07 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e4446a8d82b4412494e2409af7a4b645\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bdfc721f7e94acba00c2e92153307b70\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b2adaa453df6c958d3cf66ae051787de\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\76c2646d6cddec217d5d2f16bd5f4172\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6e4e81d647b98053d4b580d5afcf682f\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6436145cd57deecafff434e28a6e3d2a\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\71a317e85628917b1e67260adf87386b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\01c5ff7a1ea0463414736df5d449e0a9\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\fe95f582de10dd69fefdc5eb3d6c48c7\Microsoft.Office.Tools.Common.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 864768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e81a95402a2987b4d4ae38bcb9458155\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b9a6beaed10911ac82589fa57c40e2be\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b0fbf20ee5981aa0fef03248709e8151\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\9e9206804811dba44d2b1d62a5ab7355\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\40338e540dd0ab135e483dc7acb541fd\Microsoft.Office.Tools.Word.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\3ad065635e1e0cd413081be61993cd38\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\71a3a98ff5fb128d3abf6ecc3224ba6b\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 136192 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\f18a2a149b3e7f9cf74de1263c2ee337\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\7186c9237e315a433d3c6a31fea48310\ComSvcConfig.ni.exe
+ 2012-05-18 05:06 . 2012-05-18 05:06 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b2508932fa15972b0348fcdacbb107a4\AspNetMMCExt.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\ad7f43afb4f124acae4d503b40f591c1\WsatConfig.ni.exe
+ 2012-05-18 01:05 . 2012-05-18 01:05 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\01024669037c9183ddd64f15587f13de\WindowsFormsIntegration.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 161280 c:\windows\assembly\NativeImages_v2.0.50727_64\vjslibcw\be4d145304ddf3237d3a361088a03fb1\vjslibcw.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\VJSharpCodeProvider\8c6fbc5896e9e085da7db62b767981ea\VJSharpCodeProvider.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\1f36e020c3563e0ff414f13138e238e1\UIAutomationClient.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\d379960868e3ddf480e7cc8ef9bb5f16\TaskScheduler.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\de45d043775d8c805f6feca40d7a9ed2\System.Xml.Linq.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\d874c46671cd9abbf6a50771f0b9aa22\System.Web.Routing.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\7eff5db996d018d9073fa13194b834a6\System.Web.Entity.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\7efce2e6c76c9196cf654509f8ea0f64\System.Web.Entity.Design.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\4b28ba3615efb798884aeda107a19b8f\System.Web.DynamicData.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\8f989a07704d0266b9c3c94e77f6628d\System.Web.Abstractions.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\3b3581851a728bef36f319e9d4c72499\System.Net.ni.dll
+ 2012-05-17 14:32 . 2012-05-17 14:32 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\43ec89b6e70b73d9757fc56abf89853e\System.Messaging.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\599954438a668c94dd38e8e7e506ac2a\System.Management.Instrumentation.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\fd51741bfd973ad507bbd141e98932f8\System.IO.Log.ni.dll
+ 2012-05-17 14:32 . 2012-05-17 14:32 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ef6abe121bb11bff2514bfdfb7e76b7a\System.IdentityModel.Selectors.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7c4ce1b8a2f83ef29aa6d5f126ab5b71\System.Data.Services.Design.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\19d1414f1ca718ce4d0c07e7305b3450\System.Data.DataSetExtensions.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\9536bb262c4f1ea389d287ab669767d4\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-17 08:19 . 2012-05-17 08:19 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\84262138e2e9f34c88fd282caa82baa5\System.AddIn.ni.dll
+ 2012-05-17 08:19 . 2012-05-17 08:19 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\176899be7b920fb20408ff49e636a776\System.AddIn.Contract.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\ee0608cd62dfb37016016884fc39e425\sysglobl.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 176640 c:\windows\assembly\NativeImages_v2.0.50727_64\SolutoUpdateService\c0123c5ffd0f200664fd57f2dc7ca045\SolutoUpdateService.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 859648 c:\windows\assembly\NativeImages_v2.0.50727_64\SolutoCleanup\9df2e78a8a58f70a2ad3427da5883bb3\SolutoCleanup.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\9fa1abf006689e262527ae50d452e97e\SMSvcHost.ni.exe
+ 2012-05-17 14:29 . 2012-05-17 14:29 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\2eac9c598de3341eba5c16787c74f220\SMDiagnostics.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\7d45ec87f7c6e48cc84c31b1bd530a2a\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 660992 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGWuInfo\95247a48af6555dd3671359783cde560\PCGWuInfo.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 199168 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGUpgrader\3a0696ce7068a8ca7c390b494eaf17fb\PCGUpgrader.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 518144 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGSAProbe\f4e4bb278c1a0c2d6a9456addc6c56ce\PCGSAProbe.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 635392 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGPrestoSerializer\7384a50fbaa0e095e9ebd5bfe50f5cd1\PCGPrestoSerializer.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 660992 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGPostBootResources\44c1cb16346c177144832ea002ecfb93\PCGPostBootResources.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 326144 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGDriverProbe\2eebc9aa4746a94e0bfd1e70c943cca0\PCGDriverProbe.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 501248 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGCatalogItemFootp#\5eeeb0372f9b00ca5879c50933a0f02c\PCGCatalogItemFootprint.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 175616 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGCatalogItemCache\ff1a6b1f4663d22e1a20895fe0e898d1\PCGCatalogItemCache.ni.dll
+ 2012-05-17 14:32 . 2012-05-17 14:32 274944 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGBootVisualizingC#\fdee970f34242b4aeacd3469e2aae7b7\PCGBootVisualizingCommon.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 472064 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGBootVisualizingC#\80701763faa88266b16225b2096b0e63\PCGBootVisualizingCore.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 264704 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\a8bfc6443caa05351bb23497f86db747\PCGAppControlPluginLoader.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\e6e34a15fae8dcd263837c44f0544775\napsnap.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\64b16629f316cac01ef383527b6f1700\napinit.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\5f0ae15f9d1cade37fbfaacff7e64bff\naphlpr.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\5346ceca518baf5e5fa3fed9f900f792\napcrypt.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\8f792883d0adad8c7beccf24aed65817\MSBuild.ni.exe
+ 2012-05-18 00:35 . 2012-05-18 00:35 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\fa8a9b4cb71f4c953f7d53de85e3d3cf\MMCFxCommon.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\b78beede8a3c9720095dde4a4a162acc\Microsoft.WSMan.Management.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\83222514e209f186ad3a1c3794168bfd\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\a843956bb452503139683304de4cc8f6\Microsoft.Vsa.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 202752 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f91011762717be2cbc01f328a806c37c\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 232448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d506bcf38b89f1fb1cd41e01a7d94298\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d48240069cf8be7809361ad1b0774d8b\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 209920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cfaa030ecf4e968aecd91ddca97d650e\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\c8c461dbe6ab47066c7890e6546a8907\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a17e7b2cec5b4664c1f7d3b69d03c6bc\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9522b90955f403c723b945cf1b201cf5\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9521ba9c30506a567c61ce1ef5ca57de\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 499200 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\902522b8368cc353596494d2e51bd34c\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\896b68690e47cba9c649c2dcdbe1842e\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7521a6224a26851550e2c903367e7a3b\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6c526095e23fbd4d302f5af66b03188b\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 390656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\639acfa01f065f3a0f8d41648ed5e1bc\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5ed12261431361b4871acd8720cc8379\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\509a056183d3cbdc5328cebac89d6833\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\03f81e1607fa8beb247080bfb1da3a56\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\c56d6513e4b239b1b1dbe29b0588321a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 236544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.ServiceHo#\0ab11080dd69582de6ead2b62654d34c\Microsoft.ServiceHosting.ServiceRuntime.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\f9b88c4ccd496ecc66c524383ee36d27\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\92f7f1c771fc7c909cf0d4da4d558105\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 318976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\4ac43f1030faa080a78faf6867448fc7\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\168f2d23b2652dd1a4d6eb7c8c008d51\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fb0d102ca78bd05fe7064b9e6be30fc7\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b21fa6ff448b99a97319e18c166c03e2\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c3fe42a14ac5b48ebd43be290973d24\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2572e94f9d0b412cdc529c8d74fdb689\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\76a605a7242599d109e4003cd4a82296\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\0a990cd86a6f8e222ed4c6fb3a9f155d\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f04ccbbf5199d2b264f1b1175be44686\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-05-18 00:35 . 2012-05-18 00:35 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f015188310f7613f819fcf032f98705a\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-05-18 00:35 . 2012-05-18 00:35 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e3746bf344cd668d2ad4e1d697f025ff\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\76e14a8d184f1722f80bc6a72513874d\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6dbd502a13b5e3caae0b1f2b4847612f\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\514667153fd74307d21e7f50b79858c9\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18367b9a0b9e9261d1d9e371230af87c\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-05-18 00:35 . 2012-05-18 00:35 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\88ccabfe6c21211a07cafd298beba3cc\Microsoft.ManagementConsole.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\b236966204e611b7c0d565d99ae2f250\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\a92fbdf48c09de9c994cfea90f23af13\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 153600 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Vis#\efe7defca3dd2ccb84ef469856103c5b\Microsoft.Build.VisualJSharp.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\d68a27daca73749e4438a47e61643c3c\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\3151235c1c38db94fd44e3c6f290ff38\Microsoft.Build.Utilities.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\cf5e9b5d10682467a9e03358a6d6258f\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0f233d0eb396065719e83ab573a72cc5\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\2416af06edb993f98a751acb69f67016\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\6f349c73ef576c22a24f91e9515e3262\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\27720739f6d0c67ac269b180dc066fd0\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\69286d5692277a166404cb897a8b2e7a\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-05-18 00:35 . 2012-05-18 00:35 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\74e4adc90675c3b1365825c7e78b5ce9\Mcx2Dvcs.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\4a1f9a648a3928d42b77a91666d9aa8a\mcupdate.ni.exe
+ 2012-05-18 00:34 . 2012-05-18 00:34 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\40d70417c04f9ccb5fdecb5b9be5a6a3\mcstoredb.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\0313d55497bb7899e272458bbea0511d\mcplayerinterop.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\ca17dc765ce4c00001ef7a0aa83c8853\mcGlidHostObj.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\Ionic.Zip.Reduced\6b4ea8a43b49c422c6346ffb6e98d1e7\Ionic.Zip.Reduced.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 165376 c:\windows\assembly\NativeImages_v2.0.50727_64\Interop.NetFwTypeLib\ca62b1e530fd47e954ebb5650b8fd37b\Interop.NetFwTypeLib.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 405504 c:\windows\assembly\NativeImages_v2.0.50727_64\Interop.IWshRuntime#\4307a07a28f5b6d2e8ad624080a07afc\Interop.IWshRuntimeLibrary.ni.dll
+ 2012-05-18 00:35 . 2012-05-18 00:35 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\e8ddd4720d38a796259f0aade9f1caf0\EventViewer.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\584d419d4c837ea19f7f450a807b0273\ehRecObj.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\20c3505378a50f4859c9b2e7dcbb5fa2\ehiWUapi.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\2f9f48ad6496c9103043db1c21a651fd\ehiwmp.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0955237aa3c1cb3a643248b8c58ec34c\ehiUserXp.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\7998173654fa518876cc97e37b86d465\ehiiTv.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\6c97aa6908f96ac9816ce74e4f6251ac\ehiExtens.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\a501747a95523297a8a1f119df8b1642\ehiBmlDataCarousel.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\414bbac4e1d7761a336bb9d74b9b243a\ehiActivScp.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\d4f0d7fa581a8117efa5a2dc684d126f\ehExtHost.ni.exe
+ 2012-05-18 00:33 . 2012-05-18 00:33 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\ff7ef4caed03d6934669d1a39877a8ac\ehCIR.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\b7916689137fd0bc9ba1ba5a27e2a38a\CustomMarshalers.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\cc6e6febcd804604bf4d92d0eb8ec6ae\ComSvcConfig.ni.exe
+ 2012-05-17 14:28 . 2012-05-17 14:28 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\d18719c2df1334364cac199bb9c86adf\BDATunePIA.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe
+ 2012-05-18 05:06 . 2012-05-18 05:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\994df404900182e0102d4c5dc9810a8d\WindowsFormsIntegration.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 452608 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfccw\5813e53593d0a42a902140c82bd8f013\vjswfccw.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 112640 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\4f1eed379849f37c99e29fd713b9f53c\VJSharpCodeProvider.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\779b08c46960a1824503aa6f089673fa\UIAutomationClient.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\a106c2f6597c4a80c1d3a75224d72402\TaskScheduler.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0ad442240c6feafbc1dd0ef1cda57fc8\System.Web.Routing.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2b129372a27469195acbe3b6b81786ef\System.Web.RegularExpressions.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e264ed8cae4b69017046686990537ea6\System.Web.Extensions.Design.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\a35ce57fcd882d809dd3d6c22af7d3c0\System.Web.Entity.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\bbab10e9c07bf9ffe2e1de6620ff40ab\System.Web.Entity.Design.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ee364fc0a904d8035cf21ed722602425\System.Web.DynamicData.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e180769a4c85964760934226d795a5b2\System.Web.Abstractions.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\efb741df80921d51e0f19679751ebf55\System.ServiceProcess.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\0b5f082230e3486412e0fa333290e85a\System.Net.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\20d81596f0a78f61d0cfe7b1f75e052c\System.Messaging.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8280490a2939075b726fd051d9010cc0\System.Management.Instrumentation.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a03191ed937f6c1dc827b53d94ea0176\System.IO.Log.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\00eb13ee45b1b1d9e1286b12b629732f\System.Drawing.Design.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55545e89f96539ef93375524d1145a6f\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e36e03067b12bc35fcc3787dc81022c8\System.Data.Services.Design.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a29fff52e2c3d13ec15e8701027ab17\System.Data.Entity.Design.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d3325c6bced333a67122db7414c1fd1e\System.Configuration.Install.ni.dll
+ 2012-05-17 08:19 . 2012-05-17 08:19 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\1ed79278fe139272e868e3a53d736f22\sysglobl.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b0b19607668635281fa260707f4352f\SMSvcHost.ni.exe
+ 2012-05-18 05:03 . 2012-05-18 05:03 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\59c2cd79a64e55c0928ae775a4f9881a\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7df1f379457aa5f39183903d115b5479\PresentationFramework.Royale.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\496bc57a53989bb83ec58865fa34be1d\PresentationFramework.Luna.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\dbe83f0466f3c15f2391432c46be4992\napsnap.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\a116c35c69449bbc7dbab2a7a4cf4b86\napinit.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\e0c40329b9cdd7f141a3702d79eb4bda\naphlpr.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe
+ 2012-05-18 05:03 . 2012-05-18 05:03 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\ee856f5244b04ad8bff60614b09474a6\MMCFxCommon.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\070505350ec9daa3343b3cd2bc8cf59e\Microsoft.WSMan.Management.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f6440c28d802666b53c95a63663dc7d2\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d3d3ffda4ace48b6c4ed9a0faa84415f\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 337408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cbaa2c3a4e91129440a784827d1d26bb\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b119e887234a7f1224228551135ea8d4\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a9f6c9b07b5450581322eada5a828b89\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\913fce36cb050a091d692e8d090ee3ae\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\795a204f35e7cb4929d447092c47f9e9\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\783a4e24531ee190eb826509f8cc2a45\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6c7ccf3f7fa572b45a31097585b9be71\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5cdbdb1386f3060d12c31352910d59d3\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4bc310439d3df869c82d0064c3e1180a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\41955a4db3b549890a807d07ac442c6c\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3d016be961a0f7e1941e0ceca394ed9d\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\162ce2b19805506a797d39fc5dd7e5a4\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-05-18 04:02 . 2012-05-18 04:02 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\09497665f724d5653c551930e70ed33f\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1e639225ba30d7f182b893ddacea506b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\8c10fabe7b25fbced5d8078481c9e9dc\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\637695a13f044c7fc5a8d8779e5a64ae\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\46ed27cb96f5c90ec8f61d08a116d9f6\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\1cea81520a22da5621733cad33e75ac4\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4c36b363fcd1ca494218e74ba606e99\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba2ca86f5d270f493501848843d2f227\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\607324a312b1c6d7fbede8300e8cee91\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f1185444c8a12ace85ba4c2d49f41f8\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\12715b7e3e89758161053520b57764b2\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\da4260d05d836f4eca0e55d5c250c411\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-05-18 04:02 . 2012-05-18 04:02 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\bf71f767586e2c25a970df71759a80a1\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\338daeda981c6b1a94fd127a6fe81d65\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\069ea08674de0d405326a0dd79fdae35\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\67ba34f9106034f481597e4e7ce3e197\Microsoft.Office.Interop.InfoPath.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\20ff7a71560e4becdc686b2c2ab73da5\Microsoft.Office.InfoPath.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1f513d51b62f58e6152da6c69354c3e4\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\3b7e2d4895e100c465d87d12a7d4fab2\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\0d6a371076a696788268aa5e78b2de39\Microsoft.ManagementConsole.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\bfb3100618f589638a8a31ab52135ca4\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\3584075088f2afcefdd79deb71739610\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 343552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\fffcd9e63e3068533e45ba0dde5d17be\Microsoft.BusinessData.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 102912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Vis#\68c5191e285e5994cc3724751770f971\Microsoft.Build.VisualJSharp.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7e59b3b84ca3c61adfc0dc74a65ea177\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\432160eff3b1f9301c6a74c2e647e03d\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8297305de86377d0070a983d99a7f943\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\f5c8d05dd9f9fbe83f29ba678aa5128a\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\50798d0e8d804610575172a794cd4766\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\541a5bb4d0f8490e506f885a4b435566\mcstoredb.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\464674d5e3ef52ffa0fccc2043c38e0e\EventViewer.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\5ae5c6732ef8e7115baaeb66fd69cdd2\ehRecObj.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\c4a5ce4f89c53b9601d13d22d01cf0bf\ehiVidCtl.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\cbf3a07d3ab873b19f47d6a24f06c796\ehiProxy.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\5cc4a5672758f4732ef430b3431f47fc\ehiExtens.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\83314c8ed8a90829fff41be1364833ef\ehExtHost32.ni.exe
+ 2012-05-18 05:03 . 2012-05-18 05:03 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe
+ 2012-05-18 04:02 . 2012-05-18 04:02 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\e1c3540ffb669448747187f76c6ebe82\BDATunePIA.ni.dll
- 2011-04-12 11:16 . 2012-05-16 08:12 3375656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-758114258-3968903629-661088288-1849-12288.dat
+ 2011-04-12 11:16 . 2012-05-19 07:26 3375656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-758114258-3968903629-661088288-1849-12288.dat
+ 2012-05-18 01:07 . 2012-05-18 01:07 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\4e962b1751cd3b039c5186963ad5f130\WindowsBase.ni.dll
+ 2012-05-18 05:11 . 2012-05-18 05:11 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\6ee9d76d9f1e618cd6fb94b13355bcc9\UIAutomationClientsideProviders.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\28ca4f076264ab07f1d00a6c9623dc49\System.Xml.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df013cbfec0defc7e9997cdaa90b89bc\System.Xaml.ni.dll
+ 2012-05-18 05:11 . 2012-05-18 05:11 1601024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\3252967edec1f856e465c82a6317242e\System.WorkflowServices.ni.dll
+ 2012-05-18 05:11 . 2012-05-18 05:11 2887168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Run#\ab44c8403068d477d3ccb63a7b99c796\System.Workflow.Runtime.ni.dll
+ 2012-05-18 05:11 . 2012-05-18 05:11 5909504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\5eb27de177d540dc57a64fbd1bd18e15\System.Workflow.ComponentModel.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 3743744 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\5ec85c6bddb9ee78d6d194c8c26431e9\System.Workflow.Activities.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\6003f51e67a2ae938571bf999135a05a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\d27c82130281d30a958f94d9f7027e34\System.Web.Services.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 2964480 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\0b71201a86896a57528d1b8a9b3259ee\System.Web.Mobile.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 1100800 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\98aadfd4589d9cc7f1dce2591c122a38\System.Web.Extensions.Design.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\9047e6ff650e4b53c9f0de702efca34a\System.Web.Extensions.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 5599232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\6a03ca487b4f38986a4b4e50fc52d7b1\System.Web.DataVisualization.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\cd7c3aed4408c3554c30a8f0236b90e1\System.Speech.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\94289b88c5b494f572cd7114fa995487\System.ServiceModel.Activities.ni.dll
+ 2012-05-18 03:26 . 2012-05-18 03:26 1506816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\755b7b34d1055295c619713f010f17b9\System.ServiceModel.Web.ni.dll
+ 2012-05-18 03:28 . 2012-05-18 03:28 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\2dbc7aabd92cc0d470acb455c498d919\System.ServiceModel.Discovery.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\affb28e2d9cc3c19de0758e7e8c68e8f\System.Runtime.Serialization.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\b37e6f4b1d742031f328504eb99d0f6c\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\e29ea726977686cc14c3a57e351e8661\System.Printing.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\b83f2453b4538b2e80fe09cfd94dce00\System.Management.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\60bf6251873ef465abcebeb9a24b7932\System.IdentityModel.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\97b0b093e73d3a40aa4fd72f38bd5070\System.Drawing.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\a68116468a194678fd04167067134712\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\3a737af86a6a819af97a6d1a04c0e944\System.DirectoryServices.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\c66de888fa426d24e6ff4c4725aef1b0\System.Deployment.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\0ec8effb7b9d03ae69d37922813bc880\System.Data.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\0eb72df497fad5c273ff16f88b0fb950\System.Data.SqlXml.ni.dll
+ 2012-05-18 03:26 . 2012-05-18 03:26 2703360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\ef77bd7c278e00372440bc2a2d6bfef0\System.Data.Services.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\536e12016ad3adc78e0708b77e6b9219\System.Data.Services.Client.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 1498112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.OracleC#\9ae2ebd5a18f5e129b09e1691126fce4\System.Data.OracleClient.ni.dll
+ 2012-05-18 03:26 . 2012-05-18 03:26 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\86553c1d7f3e66c17fc3e0274de7a2de\System.Data.Linq.ni.dll
+ 2012-05-18 03:26 . 2012-05-18 03:26 1750528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity.#\4997c69ce25208cb230a7f6f81c4dc83\System.Data.Entity.Design.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\6aea67f24827961ce1d48356715389d8\System.Configuration.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\eac19ca5a18a6d08cd247e68b618ba68\System.ComponentModel.Composition.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\3869077874ba987242c791b3a18b2f8b\System.Activities.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\cffc381c37033e26f6aecc9de6f4f793\System.Activities.Presentation.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\96083298999a677341c98fc2bf01b248\System.Activities.Core.Presentation.ni.dll
+ 2012-05-18 03:25 . 2012-05-18 03:25 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\36d8641ebc8601162adae65242087d85\ReachFramework.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\45b96dd6ea9eb2c7f16ea7b5a1ce6a94\PresentationUI.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 1891328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationBuildTa#\f1a22e22627669cfa6df30d1b4051988\PresentationBuildTasks.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e8180bc4b9fe2cfc2c4378fc1b24ccd0\Microsoft.VisualBasic.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\2d93e4c70cd81462c46c8003e71e88a8\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\16425c121db8083cbaa51f619c9e51e7\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-18 01:07 . 2012-05-18 01:07 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\5284682fcf04815a86233bcaf696da66\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 2034688 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\c2fa8dec6dca016375d2df5f3e2e0e71\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 1117696 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\43d8469dff36241d51597e36e37238ec\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\39307d6d9229859c38d3e7d72ec2b6f0\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\35c0b45c2f6e74a962bd3c640d6aa798\Microsoft.Office.Tools.Word.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4b1d24a96b3882f9e77445e48a7c59ee\Microsoft.JScript.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1ff62486cdefbfc2dab41b686a9aa4e2\Microsoft.CSharp.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 6004736 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build\8186ee6e68fbefb30dca7b41ec0386c4\Microsoft.Build.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 3821056 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\bc4566f2c0a24c0ee42a1d897e2ff0b5\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 2521088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Eng#\d0d3c1cf8ab4b8b5534a1e5a77d34f09\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\b36d993e4592c6fe72f695fac2c75d95\AspNetMMCExt.ni.dll
+ 2012-05-18 05:11 . 2012-05-18 05:11 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\24ed0e1df6a605cdb2088f87ae2ab8ff\UIAutomationClientsideProviders.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 1223168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\40d18a6ee729a42e0e900fbb95969b05\System.WorkflowServices.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 1971712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\b0d4852fc57aed572307b110107affa0\System.Workflow.Runtime.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 4462080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\a72a5c95b43bc997fabc953afdcf0899\System.Workflow.ComponentModel.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\19898d59f6026747f16c11350cd30ec8\System.Workflow.Activities.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\dbf1ad6d474e9a53467a625d583df2ec\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\dbe597aa9c12df5d08fb2f3f9872b834\System.Web.Services.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 2334208 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\044637ba8bd9aa866eddf30975acb730\System.Web.Mobile.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 3127296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\27a385463a8570bac7852d54ab5f6507\System.Web.Extensions.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\53729cfebb3922a0cf122f707c139a59\System.Web.DataVisualization.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\f368c85283c4e6c9650dd1c8d369dcc5\System.Speech.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 1086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\2a5d3d1de001807ca96c5853e8243df6\System.Printing.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0fe1e56d17858b6156a3a46330f75f27\System.DirectoryServices.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\fdbf117eb502bcf7ea9b4f5af98889ee\System.Deployment.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 2026496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\9b0a11f0270b5bbeae593ca5c584afaa\System.Data.Services.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b894a1df3e6d58ada8f1aa303465ca23\System.Data.Services.Client.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\d62b53e7a5528b03ff512c624a1fdb83\System.Data.OracleClient.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 1424384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\56e7e8cf5ba51bc1d284209d75a194a4\System.Data.Entity.Design.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 4129280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\51025a1c89f6fd752a5396a059d608b2\System.Activities.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\b1ce26c14c922bdc5d45b0ab6b48e111\System.Activities.Presentation.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 1546752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\66893548d2b2cad29cabf3b3578f356f\System.Activities.Core.Presentation.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\0b61a086e3bec9ddde1a1a4722a9142d\ReachFramework.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\6059daaa173546e091cb234a96132408\PresentationUI.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1479168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\96e437d1e82e54e63ed96af50e96d03d\PresentationBuildTasks.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\75684af3794c47e8262049062eb0c8e8\Microsoft.VisualBasic.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\42a7f127f3fda82fb12c6a6e144d08c1\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\317cf525323190cc0eedba3bc1682b17\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9a37f4e64ce5b856ac3892fef064c7de\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\d9ab2d09cdeb5a96f1647ebff69e3117\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\75b5582d78e7e051b3f84742ef0edf7c\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-05-18 05:10 . 2012-05-18 05:10 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\cfcc92c125ddfaabad24abe61cfc0471\Microsoft.JScript.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 4248064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\5246fa832baabf6e3706fd537fe19062\Microsoft.Build.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\4890825ec964d43aaa0e14bdd642526a\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-05-18 05:07 . 2012-05-18 05:07 1931264 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\520f23eeaf6b5241a74a56338e8b89f8\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 3453440 c:\windows\assembly\NativeImages_v2.0.50727_64\VJSSupUILib\fd86a78147ee31a78a25c83da41ffe33\VJSSupUILib.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\783df1ee260d3df406fa80afa38502d4\UIAutomationClientsideProviders.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\aaa06e50d7759bcdb538fe1588e3cd1e\System.WorkflowServices.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\c14386b0da045e8341bde293735ce45e\System.Web.Mobile.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\f0485838bd18623d6a9b5ace539d42b7\System.Web.Extensions.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\e3c46a2aff3eceecad014e99eb67859d\System.Web.Extensions.Design.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\ca51f026916139f886519fdf6d6c73e9\System.Speech.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\56ee9b5f220583c1c7374a61ad904044\System.ServiceModel.Web.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\265531568722647aab229a2cec195b3d\System.Runtime.Serialization.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\fd4a8227569e64d657b80483da8ffe78\System.Management.ni.dll
+ 2012-05-17 14:32 . 2012-05-17 14:32 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\d1f21a29e79e73b5401fae156f339f67\System.IdentityModel.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\39d16229a3d5c6e7c1594ef10758bf75\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 1032704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlServ#\a8df0f5f30c4b355a25b83c839e63dba\System.Data.SqlServerCe.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\0679fe5f3f9164f499e50cdade962ba3\System.Data.Services.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\2e9de1acfb7974cad94b747442ca325f\System.Data.Services.Client.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\2ec3d436b861d35c586b710a570e170d\System.Data.Linq.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7b5364bc524988f7ca5b8c20a24119d\System.Data.Entity.Design.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\766ce7ee1a2e4f2a85fd90e7572f5d53\System.Core.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\5951752b6e69820526ec317d01a448e3\SrpUxSnapIn.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 2916352 c:\windows\assembly\NativeImages_v2.0.50727_64\SolutoService\9fe8822465606b3193a22ca99e04ecdd\SolutoService.ni.exe
+ 2012-05-18 00:33 . 2012-05-18 00:33 8558592 c:\windows\assembly\NativeImages_v2.0.50727_64\SolutoConsole\826c9f174719841a340b71627c169570\SolutoConsole.ni.exe
+ 2012-05-17 14:28 . 2012-05-17 14:28 2207744 c:\windows\assembly\NativeImages_v2.0.50727_64\Soluto\d85616d6accac7c3679f8906c22696d2\Soluto.ni.exe
+ 2012-05-18 01:03 . 2012-05-18 01:03 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\4fbff79b8ebf082d08c0080923ff5036\PresentationBuildTasks.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 3657728 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\36eec733f42d409f871db5a217bca8f3\PCGPreCompiled.ni.dll
+ 2012-05-17 14:28 . 2012-05-17 14:28 3562496 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGFramework\d7d15176a41c1c94742c33b93da1fb6b\PCGFramework.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 5024256 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGDatabase\66b7e51002efbca2b926864685406c48\PCGDatabase.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 1086976 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGDataAggregation\5bb2766910d89c2fd1b75e56d030d21f\PCGDataAggregation.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 1812992 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGCommunication\1cc998f439f6de890d7bd332fad020b1\PCGCommunication.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 1324032 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGClientCommunicat#\88a30e1a2246824379f2695aa2f899c3\PCGClientCommunication.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 5930496 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGClientCommon\8e77970a08a21133c921db34ed3804ba\PCGClientCommon.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 1286144 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGBrowsersProbe\2f2988e32b2a73de2dfa47ec7de48284\PCGBrowsersProbe.ni.dll
+ 2012-05-17 14:30 . 2012-05-17 14:30 1875968 c:\windows\assembly\NativeImages_v2.0.50727_64\PCGAzureShared\1f84633644900517dd68a7d81d55876a\PCGAzureShared.ni.dll
+ 2012-05-17 14:29 . 2012-05-17 14:29 2157568 c:\windows\assembly\NativeImages_v2.0.50727_64\Newtonsoft.Json.Net#\75c0bbad76644d0c8c646092366c7207\Newtonsoft.Json.Net35.ni.dll
+ 2012-05-18 01:03 . 2012-05-18 01:03 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\5580b3e21a01e35a31fde50daf47dd51\Narrator.ni.exe
+ 2012-05-18 01:03 . 2012-05-18 01:03 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\5be0adfd971512081ef05f9f6945e4b6\MMCEx.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\5d0a616109f57e01b229b5198f65f9ce\MIGUIControls.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 1877504 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1dcc7a3940f5e4be8da3dd0b66bc38c0\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1a3d4874cecc47af7d14bce65624ddf9\Microsoft.VisualBasic.ni.dll
+ 2012-05-17 14:32 . 2012-05-17 14:32 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\28ba52bc122353647f1b547506e2df7c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f5790625975320b1ffad63b476da9132\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d36f839da1178e7b367865e129f2dd93\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99049fd20c2a5e2779e879c2d95c96a2\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\7db5caa649e2635ee1f0402908608c09\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\e50bcf9560f996a61e190e6cc0433df5\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\89f2f95aef5d052f3129da02a4b4c6bd\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\732350ddae1daaca1572d9cba85b5dcb\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c057be8bb6614cce013af3721fe34983\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b5fdd84429b629dea08f5381bfe7b07d\Microsoft.MediaCenter.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\71dde46ad3873a4ce4421dc2de899067\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\260d83ee2128a3388051cf416d4450b0\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\094f6a515ca31504f96b4bad5848d692\Microsoft.JScript.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\c9039ca896a9b08f8d8e42c3e8ffaf56\Microsoft.Ink.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\dbfa4f1816f40f6e4603be9da9397679\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\c18a49c1a1ca763e94659c90dd1bdc5e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\26b5aa922e962885da94235cb1775761\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f1a0df6a86ceb708c5e50338f12b77ba\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 01:01 . 2012-05-18 01:01 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6b727c7aa69ae3e04a869908bfbae696\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\e1d1dad222992080f8b5c875f7d497dd\mcstore.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\596902addad034f4df2caf291b12d61d\mcepg.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\cdad46cd58389f53308b735e6f29ce1f\ehiVidCtl.ni.dll
+ 2012-05-18 00:34 . 2012-05-18 00:34 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0423915e377ec85d71ac216fafa77ab0\ehiProxy.ni.dll
+ 2012-05-17 14:33 . 2012-05-17 14:33 3431424 c:\windows\assembly\NativeImages_v2.0.50727_64\Community.CsharpSql#\5a22d7a8064d3626a8aa4affd9f187e1\Community.CsharpSqlite.ni.dll
+ 2012-05-18 00:33 . 2012-05-18 00:33 1473024 c:\windows\assembly\NativeImages_v2.0.50727_64\AmCharts.Windows\1bd32286996ad4f846aac8422271383a\AmCharts.Windows.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 3262976 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfchtml\fa38455064ff17961ddd8c7468b8ac5f\vjswfchtml.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 7012864 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfc\7fe199c41a161f79dffe9deb7ba25ee4\vjswfc.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 2562048 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\5086f0b66df24c1e5a1039a0c5b17566\VJSSupUILib.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 7960064 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\4e7a45216d4e7d4542e5382c245b5d03\vjslib.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3b452cde57280624e1085699fe8beb03\UIAutomationClientsideProviders.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c83ab416d2a2f3fa4f2d093963f46c3d\System.WorkflowServices.ni.dll
+ 2012-05-17 08:19 . 2012-05-17 08:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\bfa1ffe928b4e3fd6701aabfee7df15e\System.Workflow.Runtime.ni.dll
+ 2012-05-17 08:19 . 2012-05-17 08:19 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\d536897959cc07510569c6ddfe69aed0\System.Workflow.ComponentModel.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a1976b3dc043730ad58f9693fc1fa462\System.Workflow.Activities.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f6f655e69a1eec397e67cd87e095f404\System.Web.Mobile.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ab83e0de98f69306d49754a9174bf10a\System.Web.Extensions.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\8c03c02eb6790704230bc067e943d344\System.Printing.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a8495b797e6f7adddc5811a4e1f97db5\System.Management.Automation.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\11d24644241d3050868b947ecfa0b4a8\System.Deployment.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e9774272e9fc6ca49e6c616a31783040\System.Data.SqlXml.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\3285887b33030a7ce453573d3bed4e95\System.Data.Services.ni.dll
+ 2012-05-18 05:06 . 2012-05-18 05:06 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\330d3ad45a00455b537047183e128def\System.Data.Services.Client.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0f4e07fb8b1b7e7133a98f478856f70c\System.Data.OracleClient.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
+ 2012-05-18 05:02 . 2012-05-18 05:02 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\58843a8b6e9beb2154fa73aee180f9be\SrpUxSnapIn.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\e17b226e5d776b90abdda2bfe81a45b8\ReachFramework.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\deaef1aeea06eb68e6d4c7ba95d5a2ac\PresentationUI.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b3f13707cbd5d48aabaa9ef5264c8a30\PresentationBuildTasks.ni.dll
+ 2012-05-18 05:05 . 2012-05-18 05:05 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\2765de8f1b3d8b1da336d3e70121e3b2\Narrator.ni.exe
+ 2012-05-18 05:05 . 2012-05-18 05:05 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\e7c74193104063352085477c2d866a93\MMCEx.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\922d749af286fccba928ccd4456ec222\MIGUIControls.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1300992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0849dd848383994c63dc00278f64ddae\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7046d73435e4cb840cc1afea22aba9a6\Microsoft.VisualBasic.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cd9e47effec6549cdec61eb3aef99f7c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fce19ef1694f4fc4db08ffb0237f4ac7\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86ad0b271dc4905c82b11c21dc33b1a9\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7ee29045f76b1e9577bfc1e0fab723d8\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\35417f4b50dbac4199b023158694a91f\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\6372f4d109a72f968a6a089ef5cfa23e\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\30ffd6903e3a93b79217c714135184d3\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\ef9c410f813700383569b1eb7d588eb6\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\802fedab669472617ec1f803abcf4e91\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\68ae29c06463a7e956dbd4e6e1ab4cef\Microsoft.Office.BusinessData.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 2091520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\48775ea9d4036cb8393d327f9465a525\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c31b76610d07fcaa42a8eddcbca8bd30\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\28efe61ef266e48178a379a830623b20\Microsoft.MediaCenter.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\2ec9426778058b0a331acb9c12c08200\Microsoft.Ink.ni.dll
+ 2012-05-18 05:04 . 2012-05-18 05:04 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\6a07260effa6857b0c16282969038b00\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a519a2c009c973846c3712038a0cd308\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\24849ea16bc781c24452fddd856b31f2\Microsoft.Build.Tasks.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b66f52dbd8f87e53c3c9a1de7ca5bba\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\d346e535d1caec5d4ed0dd2be5c193d3\mcstore.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\69b8de21b08c3412422c5918399ed702\mcepg.ni.dll
- 2010-10-19 06:17 . 2012-05-17 07:48 16449196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-758114258-3968903629-661088288-1849-8192.dat
+ 2010-10-19 06:17 . 2012-05-19 08:09 16449196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-758114258-3968903629-661088288-1849-8192.dat
+ 2011-03-24 09:52 . 2012-05-19 05:55 30073552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-758114258-3968903629-661088288-1849-4096.dat
- 2011-03-24 09:52 . 2012-05-16 08:12 30073552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-758114258-3968903629-661088288-1849-4096.dat
+ 2012-05-18 03:24 . 2012-05-18 03:24 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\3e1fa07a8e487acceef1c22275f08779\System.Windows.Forms.ni.dll
+ 2012-05-18 03:23 . 2012-05-18 03:23 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\346afc68572905e802b4859c40a11e9d\System.Web.ni.dll
+ 2012-05-18 03:27 . 2012-05-18 03:27 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\c4cc7eb7733c4221c32caccfd66ae320\System.ServiceModel.ni.dll
+ 2012-05-18 03:24 . 2012-05-18 03:24 13300736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\64dd1d7dbf03007620f94093c46f3306\System.Design.ni.dll
+ 2012-05-18 03:26 . 2012-05-18 03:26 18479616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9df4e7ae75baa7bbb1af30c8061a6e9b\System.Data.Entity.ni.dll
+ 2012-05-18 01:06 . 2012-05-18 01:06 10440192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b64f213e823a591607c45fac4997801e\System.Core.ni.dll
+ 2012-05-18 01:08 . 2012-05-18 01:08 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\5eb97ad52c10035367b07021f1febe97\PresentationFramework.ni.dll
+ 2012-05-18 01:08 . 2012-05-18 01:08 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\c750a4d32ab6ff508c2a8825cc7c9e7d\PresentationCore.ni.dll
+ 2012-05-18 05:08 . 2012-05-18 05:08 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\14a0374c65e29cfc3da2ebdd18b41de0\System.Web.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
+ 2012-05-18 05:09 . 2012-05-18 05:09 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7aa839fb16503243d6ae454ab334bcf4\System.Data.Entity.ni.dll
+ 2012-05-18 01:05 . 2012-05-18 01:05 11090432 c:\windows\assembly\NativeImages_v2.0.50727_64\vjslib\4838067b41223aca08ebadae075f3fdb\vjslib.ni.dll
+ 2012-05-17 14:32 . 2012-05-17 14:32 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\f74b2d1b8cf279ff6bfe479f79e70fe9\System.ServiceModel.ni.dll
+ 2012-05-18 01:02 . 2012-05-18 01:02 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\00c4a761d0a5cafc00f34d763fe76ac4\System.Management.Automation.ni.dll
+ 2012-05-18 01:04 . 2012-05-18 01:04 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\daaff9fe9c85fc171d426a3cb6766dbb\System.Data.Entity.ni.dll
+ 2012-05-18 00:35 . 2012-05-18 00:35 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\4196726740ff1568fa3de5dac3a64513\ehshell.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3aa966e818d35f094e23bbbdcf1b4297\System.Web.ni.dll
+ 2012-05-18 05:03 . 2012-05-18 05:03 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\4fe5471456fef11742180706a67d6d7f\System.Design.ni.dll
+ 2012-05-17 08:18 . 2012-05-17 08:18 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b1a95b0145ac26d9637b894ee38d5eac\PresentationFramework.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\35652d0f564409d493f4f2053d40154d\PresentationCore.ni.dll
+ 2012-05-17 08:17 . 2012-05-17 08:17 11492864 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
+ 2012-04-17 08:02 . 2012-04-17 08:02 162829312 c:\windows\Installer\66d94.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MFP and Storage Server"="c:\program files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe" [2010-03-26 1925120]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-03 288312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-11 11265536]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2011-04-15 472112]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-07-21 12023568]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-04-30 103536]
.
c:\users\kkheng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-8-20 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R1 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/20 17:33];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-08-25 05:06 148976]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-11 297984]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-03 506472]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 05:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sharepoint
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.austinheights.edu.my:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: kuaiche.com\software
Trusted Zone: microsoft.com\sftasia.one
TCP: DhcpNameServer = 192.168.1.1
DPF: {BCD8A973-8E6A-4A86-ACE0-73389E9EED00} - hxxps://172.16.10.1/iClientAx.cab?pid=2A139CC421F0A8064BCB
FF - ProfilePath - c:\users\kkheng\AppData\Roaming\Mozilla\Firefox\Profiles\u1piopx9.default\
FF - prefs.js: network.proxy.ftp - 192.168.200.189
FF - prefs.js: network.proxy.ftp_port - 9505
FF - prefs.js: network.proxy.gopher - webdefence.global.blackspider.com
FF - prefs.js: network.proxy.gopher_port - 8081
FF - prefs.js: network.proxy.http - 192.168.200.189
FF - prefs.js: network.proxy.http_port - 9505
FF - prefs.js: network.proxy.socks - 192.168.200.189
FF - prefs.js: network.proxy.socks_port - 9505
FF - prefs.js: network.proxy.ssl - 192.168.200.189
FF - prefs.js: network.proxy.ssl_port - 9505
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-SolutoService
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SPBBCDrv]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-19 16:28:28
ComboFix-quarantined-files.txt 2012-05-19 08:28
.
Pre-Run: 128,095,428,608 bytes free
Post-Run: 128,384,294,912 bytes free
.
- - End Of File - - 6457A97FFF5273FBE1269B4FBBD8A891


Until now, my svchost still hog to my cpu. i have to use process explorer to suspend it.
This is the svchost that take up all my cpu resources

"C:\Windows\SysWOW64\svchost.exe" -g no -t 3 -o http://tang0-hote1.com:8344/ -u kdljjxmh -p zddatlknkojwo

C:\Windows\Installer\{909f84af-453a-02b8-dd51-87690ee9e1c5}\U

there's few file with type @ keep on self creating despite being quarantined

Edited by iori_argami, 19 May 2012 - 06:03 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 19 May 2012 - 12:40 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 20 May 2012 - 08:02 PM

Hi,

This is TDSS report.

09:00:23.0471 7876 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
09:00:25.0097 7876 ============================================================
09:00:25.0097 7876 Current date / time: 2012/05/21 09:00:25.0097
09:00:25.0097 7876 SystemInfo:
09:00:25.0098 7876
09:00:25.0098 7876 OS Version: 6.1.7601 ServicePack: 1.0
09:00:25.0098 7876 Product type: Workstation
09:00:25.0098 7876 ComputerName: JULIUS
09:00:25.0098 7876 UserName: kkheng
09:00:25.0098 7876 Windows directory: C:\Windows
09:00:25.0098 7876 System windows directory: C:\Windows
09:00:25.0098 7876 Running under WOW64
09:00:25.0098 7876 Processor architecture: Intel x64
09:00:25.0098 7876 Number of processors: 4
09:00:25.0098 7876 Page size: 0x1000
09:00:25.0098 7876 Boot type: Normal boot
09:00:25.0098 7876 ============================================================
09:00:28.0833 7876 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:00:29.0061 7876 ============================================================
09:00:29.0062 7876 \Device\Harddisk0\DR0:
09:00:29.0092 7876 MBR partitions:
09:00:29.0092 7876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x1C2000
09:00:29.0092 7876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C2800, BlocksNum 0x24A67000
09:00:29.0092 7876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x24C29800, BlocksNum 0x400000
09:00:29.0276 7876 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2502A000, BlocksNum 0x404000
09:00:29.0276 7876 ============================================================
09:00:29.0323 7876 C: <-> \Device\Harddisk0\DR0\Partition1
09:00:29.0351 7876 F: <-> \Device\Harddisk0\DR0\Partition2
09:00:29.0373 7876 G: <-> \Device\Harddisk0\DR0\Partition3
09:00:29.0373 7876 ============================================================
09:00:29.0373 7876 Initialize success
09:00:29.0373 7876 ============================================================
09:00:44.0734 5464 ============================================================
09:00:44.0734 5464 Scan started
09:00:44.0734 5464 Mode: Manual;
09:00:44.0734 5464 ============================================================
09:00:46.0748 5464 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:00:46.0763 5464 1394ohci - ok
09:00:46.0848 5464 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:00:46.0850 5464 Accelerometer - ok
09:00:46.0908 5464 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:00:46.0929 5464 ACPI - ok
09:00:46.0977 5464 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:00:47.0005 5464 AcpiPmi - ok
09:00:47.0048 5464 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:00:47.0095 5464 adp94xx - ok
09:00:47.0151 5464 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:00:47.0180 5464 adpahci - ok
09:00:47.0203 5464 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:00:47.0216 5464 adpu320 - ok
09:00:47.0244 5464 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:00:47.0274 5464 AeLookupSvc - ok
09:00:47.0360 5464 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:00:47.0363 5464 AFD - ok
09:00:47.0813 5464 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
09:00:47.0836 5464 AgereSoftModem - ok
09:00:47.0894 5464 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:00:47.0895 5464 agp440 - ok
09:00:47.0918 5464 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:00:47.0920 5464 ALG - ok
09:00:47.0964 5464 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:00:47.0965 5464 aliide - ok
09:00:48.0007 5464 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
09:00:48.0009 5464 AMD External Events Utility - ok
09:00:48.0026 5464 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:00:48.0029 5464 amdide - ok
09:00:48.0056 5464 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:00:48.0058 5464 AmdK8 - ok
09:00:48.0081 5464 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:00:48.0082 5464 AmdPPM - ok
09:00:48.0131 5464 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:00:48.0134 5464 amdsata - ok
09:00:48.0167 5464 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:00:48.0171 5464 amdsbs - ok
09:00:48.0196 5464 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:00:48.0207 5464 amdxata - ok
09:00:48.0253 5464 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:00:48.0255 5464 AppID - ok
09:00:48.0285 5464 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:00:48.0287 5464 AppIDSvc - ok
09:00:48.0338 5464 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:00:48.0339 5464 Appinfo - ok
09:00:48.0577 5464 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:00:48.0579 5464 Apple Mobile Device - ok
09:00:48.0615 5464 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
09:00:48.0617 5464 AppMgmt - ok
09:00:48.0644 5464 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:00:48.0688 5464 arc - ok
09:00:49.0277 5464 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:00:49.0280 5464 arcsas - ok
09:00:49.0387 5464 ARCVCAM (ce2168c926927ba926301baf172bc693) C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys
09:00:49.0388 5464 ARCVCAM - ok
09:00:49.0575 5464 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:00:49.0576 5464 aspnet_state - ok
09:00:49.0591 5464 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:00:49.0592 5464 AsyncMac - ok
09:00:49.0669 5464 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:00:49.0669 5464 atapi - ok
09:00:50.0242 5464 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:00:50.0354 5464 atikmdag - ok
09:00:50.0586 5464 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:00:50.0594 5464 AudioEndpointBuilder - ok
09:00:50.0601 5464 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:00:50.0605 5464 AudioSrv - ok
09:00:50.0929 5464 AVP (61ba4dc5266e6adf5f39e305ef97bee6) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
09:00:50.0932 5464 AVP - ok
09:00:50.0986 5464 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:00:50.0990 5464 AxInstSV - ok
09:00:51.0087 5464 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:00:51.0516 5464 b06bdrv - ok
09:00:51.0551 5464 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:00:51.0556 5464 b57nd60a - ok
09:00:51.0583 5464 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:00:51.0585 5464 BDESVC - ok
09:00:51.0613 5464 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:00:51.0642 5464 Beep - ok
09:00:51.0745 5464 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:00:51.0756 5464 BITS - ok
09:00:51.0809 5464 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:00:51.0822 5464 blbdrive - ok
09:00:51.0921 5464 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:00:51.0923 5464 Bonjour Service - ok
09:00:51.0989 5464 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:00:52.0003 5464 bowser - ok
09:00:52.0045 5464 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:00:52.0055 5464 BrFiltLo - ok
09:00:52.0071 5464 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:00:52.0169 5464 BrFiltUp - ok
09:00:52.0230 5464 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:00:52.0240 5464 BridgeMP - ok
09:00:52.0276 5464 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:00:52.0278 5464 Browser - ok
09:00:52.0309 5464 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:00:52.0322 5464 Brserid - ok
09:00:52.0343 5464 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:00:52.0344 5464 BrSerWdm - ok
09:00:52.0383 5464 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:00:52.0384 5464 BrUsbMdm - ok
09:00:52.0399 5464 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:00:52.0407 5464 BrUsbSer - ok
09:00:52.0501 5464 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:00:52.0502 5464 BthEnum - ok
09:00:52.0533 5464 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:00:52.0536 5464 BTHMODEM - ok
09:00:52.0580 5464 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:00:52.0582 5464 BthPan - ok
09:00:52.0663 5464 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
09:00:52.0682 5464 BTHPORT - ok
09:00:52.0705 5464 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:00:52.0708 5464 bthserv - ok
09:00:52.0755 5464 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
09:00:52.0756 5464 BTHUSB - ok
09:00:52.0893 5464 catchme - ok
09:00:53.0284 5464 CcmExec (a454a9baa25b8c8e76735dd86bd4b017) C:\Windows\SysWOW64\CCM\CcmExec.exe
09:00:53.0288 5464 CcmExec - ok
09:00:53.0380 5464 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:00:53.0382 5464 cdfs - ok
09:00:53.0506 5464 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:00:53.0527 5464 cdrom - ok
09:00:53.0591 5464 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:00:53.0593 5464 CertPropSvc - ok
09:00:53.0606 5464 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:00:53.0616 5464 circlass - ok
09:00:53.0686 5464 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:00:53.0690 5464 CLFS - ok
09:00:53.0946 5464 CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
09:00:53.0948 5464 CLHNServiceForPowerDVD - ok
09:00:54.0049 5464 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:00:54.0050 5464 clr_optimization_v2.0.50727_32 - ok
09:00:54.0112 5464 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:00:54.0113 5464 clr_optimization_v2.0.50727_64 - ok
09:00:54.0260 5464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:00:54.0262 5464 clr_optimization_v4.0.30319_32 - ok
09:00:54.0353 5464 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:00:54.0356 5464 clr_optimization_v4.0.30319_64 - ok
09:00:54.0526 5464 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:00:54.0527 5464 CmBatt - ok
09:00:54.0567 5464 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:00:54.0578 5464 cmdide - ok
09:00:54.0973 5464 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:00:54.0981 5464 CNG - ok
09:00:55.0149 5464 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
09:00:55.0150 5464 Com4QLBEx - ok
09:00:55.0174 5464 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:00:55.0179 5464 Compbatt - ok
09:00:55.0810 5464 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:00:55.0823 5464 CompositeBus - ok
09:00:55.0826 5464 COMSysApp - ok
09:00:56.0296 5464 cpuz135 - ok
09:00:56.0422 5464 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:00:56.0482 5464 crcdisk - ok
09:00:56.0535 5464 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:00:56.0538 5464 CryptSvc - ok
09:00:56.0655 5464 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
09:00:56.0664 5464 CSC - ok
09:00:56.0715 5464 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
09:00:56.0722 5464 CscService - ok
09:00:57.0080 5464 CyberLink PowerDVD 11.0 Monitor Service (cb56d5f30199c35c37d9297b4d8cc3f7) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
09:00:57.0081 5464 CyberLink PowerDVD 11.0 Monitor Service - ok
09:00:57.0135 5464 CyberLink PowerDVD 11.0 Service (6e65964f36e7e881a7c4533cd1f99e23) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
09:00:57.0137 5464 CyberLink PowerDVD 11.0 Service - ok
09:00:57.0208 5464 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:00:57.0279 5464 DcomLaunch - ok
09:00:57.0384 5464 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:00:57.0388 5464 defragsvc - ok
09:00:57.0457 5464 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:00:57.0470 5464 DfsC - ok
09:00:57.0560 5464 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:00:57.0581 5464 Dhcp - ok
09:00:57.0669 5464 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:00:57.0673 5464 discache - ok
09:00:57.0745 5464 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:00:57.0761 5464 Disk - ok
09:00:57.0831 5464 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:00:57.0833 5464 Dnscache - ok
09:00:57.0898 5464 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:00:57.0902 5464 dot3svc - ok
09:00:58.0232 5464 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:00:58.0234 5464 DPS - ok
09:00:58.0271 5464 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:00:58.0292 5464 drmkaud - ok
09:00:58.0475 5464 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:00:58.0519 5464 DXGKrnl - ok
09:00:58.0568 5464 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:00:58.0570 5464 EapHost - ok
09:00:58.0818 5464 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:00:58.0851 5464 ebdrv - ok
09:00:59.0042 5464 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:00:59.0119 5464 eeCtrl - ok
09:00:59.0321 5464 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:00:59.0323 5464 EFS - ok
09:00:59.0527 5464 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:00:59.0534 5464 ehRecvr - ok
09:00:59.0832 5464 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:00:59.0834 5464 ehSched - ok
09:01:00.0025 5464 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:01:00.0043 5464 elxstor - ok
09:01:00.0399 5464 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:01:00.0400 5464 EraserUtilRebootDrv - ok
09:01:00.0452 5464 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:01:00.0510 5464 ErrDev - ok
09:01:00.0610 5464 EST_BusEnum (917dff97525b7d70c46d4deda240089f) C:\Windows\system32\DRIVERS\GenBus.sys
09:01:00.0617 5464 EST_BusEnum - ok
09:01:00.0842 5464 EST_Server (b63cb796f3fc7df6db5c0dd7e4a6f16d) C:\Windows\system32\DRIVERS\GenHC.sys
09:01:00.0855 5464 EST_Server - ok
09:01:00.0976 5464 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:01:00.0981 5464 EventSystem - ok
09:01:01.0514 5464 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:01:01.0521 5464 EvtEng - ok
09:01:01.0828 5464 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:01:01.0841 5464 exfat - ok
09:01:02.0041 5464 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:01:02.0056 5464 fastfat - ok
09:01:02.0198 5464 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:01:02.0206 5464 Fax - ok
09:01:02.0234 5464 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:01:02.0235 5464 fdc - ok
09:01:02.0559 5464 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:01:02.0591 5464 fdPHost - ok
09:01:02.0967 5464 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:01:02.0969 5464 FDResPub - ok
09:01:03.0027 5464 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:01:03.0040 5464 FileInfo - ok
09:01:03.0050 5464 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:01:03.0052 5464 Filetrace - ok
09:01:03.0469 5464 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:01:03.0555 5464 FLEXnet Licensing Service - ok
09:01:03.0640 5464 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:01:03.0642 5464 flpydisk - ok
09:01:03.0758 5464 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:01:03.0764 5464 FltMgr - ok
09:01:04.0104 5464 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:01:04.0122 5464 FontCache - ok
09:01:04.0261 5464 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:01:04.0262 5464 FontCache3.0.0.0 - ok
09:01:04.0394 5464 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:01:04.0396 5464 FsDepends - ok
09:01:04.0585 5464 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:01:04.0598 5464 Fs_Rec - ok
09:01:04.0680 5464 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:01:04.0683 5464 fvevol - ok
09:01:04.0699 5464 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:01:04.0742 5464 gagp30kx - ok
09:01:04.0820 5464 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:01:04.0822 5464 GEARAspiWDM - ok
09:01:04.0917 5464 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:01:04.0925 5464 gpsvc - ok
09:01:05.0005 5464 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
09:01:05.0021 5464 hcmon - ok
09:01:05.0040 5464 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:01:05.0075 5464 hcw85cir - ok
09:01:05.0264 5464 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:01:05.0282 5464 HdAudAddService - ok
09:01:05.0352 5464 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:01:05.0354 5464 HDAudBus - ok
09:01:05.0532 5464 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:01:05.0534 5464 HECIx64 - ok
09:01:05.0564 5464 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:01:05.0566 5464 HidBatt - ok
09:01:05.0690 5464 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:01:05.0703 5464 HidBth - ok
09:01:05.0757 5464 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:01:05.0770 5464 HidIr - ok
09:01:05.0798 5464 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:01:05.0800 5464 hidserv - ok
09:01:05.0872 5464 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:01:05.0878 5464 HidUsb - ok
09:01:05.0969 5464 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:01:05.0996 5464 hkmsvc - ok
09:01:06.0055 5464 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:01:06.0101 5464 HomeGroupListener - ok
09:01:06.0185 5464 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:01:06.0189 5464 HomeGroupProvider - ok
09:01:06.0509 5464 HP Health Check Service (58c91cca61a948dc6e789c93c05a1d6f) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
09:01:06.0510 5464 HP Health Check Service - ok
09:01:06.0858 5464 HP Power Assistant Service (cf3ae4aeab7e3ab87122dc4ddd3a6947) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
09:01:06.0859 5464 HP Power Assistant Service - ok
09:01:06.0957 5464 HP Wireless Assistant Service (a2de0a67c77ebc6dfad3d55232790add) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
09:01:06.0959 5464 HP Wireless Assistant Service - ok
09:01:07.0059 5464 HPDayStarterService (94c74d758e0f7b1d962da452b4d28c91) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
09:01:07.0060 5464 HPDayStarterService - ok
09:01:07.0263 5464 HPDrvMntSvc.exe (50afb68513014a6894d78014483f0432) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:01:07.0264 5464 HPDrvMntSvc.exe - ok
09:01:07.0485 5464 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:01:07.0487 5464 hpdskflt - ok
09:01:07.0792 5464 HPFSService (c9d858e20ae696e7a0d9a05b595f850a) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
09:01:07.0794 5464 HPFSService - ok
09:01:07.0892 5464 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:01:07.0904 5464 HpqKbFiltr - ok
09:01:07.0986 5464 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
09:01:07.0989 5464 hpqwmiex - ok
09:01:08.0064 5464 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:01:08.0082 5464 HpSAMD - ok
09:01:08.0126 5464 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
09:01:08.0201 5464 hpsrv - ok
09:01:09.0155 5464 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:01:09.0179 5464 HTTP - ok
09:01:09.0226 5464 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:01:09.0232 5464 hwpolicy - ok
09:01:09.0304 5464 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:01:09.0307 5464 i8042prt - ok
09:01:09.0708 5464 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:01:09.0716 5464 iaStorV - ok
09:01:10.0489 5464 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:01:10.0498 5464 idsvc - ok
09:01:10.0562 5464 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:01:10.0563 5464 iirsp - ok
09:01:10.0733 5464 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:01:10.0744 5464 IKEEXT - ok
09:01:10.0787 5464 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:01:10.0788 5464 intelide - ok
09:01:10.0837 5464 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:01:10.0839 5464 intelppm - ok
09:01:10.0866 5464 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:01:10.0869 5464 IPBusEnum - ok
09:01:10.0925 5464 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:01:11.0012 5464 IpFilterDriver - ok
09:01:11.0143 5464 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:01:11.0157 5464 iphlpsvc - ok
09:01:11.0227 5464 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:01:11.0230 5464 IPMIDRV - ok
09:01:11.0318 5464 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:01:11.0332 5464 IPNAT - ok
09:01:11.0533 5464 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
09:01:11.0538 5464 iPod Service - ok
09:01:11.0562 5464 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:01:11.0564 5464 IRENUM - ok
09:01:11.0666 5464 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:01:11.0682 5464 isapnp - ok
09:01:11.0763 5464 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
09:01:11.0767 5464 iScsiPrt - ok
09:01:11.0791 5464 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:01:11.0817 5464 kbdclass - ok
09:01:11.0861 5464 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:01:11.0873 5464 kbdhid - ok
09:01:11.0922 5464 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:01:11.0928 5464 KeyIso - ok
09:01:12.0161 5464 KL1 (68a1682beb16946864fabde2468d01c4) C:\Windows\system32\DRIVERS\kl1.sys
09:01:12.0170 5464 KL1 - ok
09:01:12.0198 5464 kl2 (ea34a47056915ad1cf5cbf6a5d2bdcf4) C:\Windows\system32\DRIVERS\kl2.sys
09:01:12.0208 5464 kl2 - ok
09:01:12.0304 5464 KLFLTDEV (8cf77ea24beca98b80148ab7a122bdae) C:\Windows\system32\DRIVERS\klfltdev.sys
09:01:12.0307 5464 KLFLTDEV - ok
09:01:12.0425 5464 KLIF (3eba1d1483b7ce847656126b64e3d4fc) C:\Windows\system32\DRIVERS\klif.sys
09:01:12.0436 5464 KLIF - ok
09:01:12.0543 5464 KLIM6 (580f72248dc203fe7253fdf95805d38d) C:\Windows\system32\DRIVERS\klim6.sys
09:01:12.0559 5464 KLIM6 - ok
09:01:12.0623 5464 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:01:12.0627 5464 KSecDD - ok
09:01:12.0687 5464 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:01:12.0703 5464 KSecPkg - ok
09:01:12.0740 5464 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:01:12.0750 5464 ksthunk - ok
09:01:12.0783 5464 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:01:12.0790 5464 KtmRm - ok
09:01:12.0911 5464 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:01:12.0947 5464 LanmanServer - ok
09:01:13.0000 5464 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:01:13.0003 5464 LanmanWorkstation - ok
09:01:13.0172 5464 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:01:13.0173 5464 LightScribeService - ok
09:01:13.0222 5464 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:01:13.0224 5464 lltdio - ok
09:01:13.0336 5464 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:01:13.0346 5464 lltdsvc - ok
09:01:13.0372 5464 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:01:13.0376 5464 lmhosts - ok
09:01:13.0524 5464 LMS (bb4e55778d8de3885e1cdac795de7bce) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:01:13.0525 5464 LMS - ok
09:01:13.0550 5464 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:01:13.0563 5464 LSI_FC - ok
09:01:13.0740 5464 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:01:13.0754 5464 LSI_SAS - ok
09:01:13.0781 5464 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:01:13.0784 5464 LSI_SAS2 - ok
09:01:13.0818 5464 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:01:13.0833 5464 LSI_SCSI - ok
09:01:13.0876 5464 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:01:13.0891 5464 luafv - ok
09:01:13.0973 5464 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
09:01:13.0987 5464 mcdbus - ok
09:01:14.0234 5464 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:01:14.0238 5464 Mcx2Svc - ok
09:01:14.0368 5464 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
09:01:14.0370 5464 MDM - ok
09:01:14.0400 5464 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:01:14.0427 5464 megasas - ok
09:01:14.0471 5464 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:01:14.0490 5464 MegaSR - ok
09:01:14.0630 5464 Microsoft SharePoint Workspace Audit Service - ok
09:01:14.0682 5464 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:01:14.0685 5464 MMCSS - ok
09:01:14.0708 5464 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:01:14.0710 5464 Modem - ok
09:01:14.0747 5464 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:01:14.0749 5464 monitor - ok
09:01:14.0816 5464 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:01:14.0818 5464 mouclass - ok
09:01:14.0841 5464 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:01:14.0843 5464 mouhid - ok
09:01:14.0889 5464 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:01:14.0891 5464 mountmgr - ok
09:01:14.0969 5464 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:01:14.0971 5464 MozillaMaintenance - ok
09:01:15.0050 5464 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:01:15.0054 5464 mpio - ok
09:01:15.0069 5464 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:01:15.0082 5464 mpsdrv - ok
09:01:15.0129 5464 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:01:15.0144 5464 MRxDAV - ok
09:01:15.0237 5464 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:01:15.0240 5464 mrxsmb - ok
09:01:15.0336 5464 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:01:15.0353 5464 mrxsmb10 - ok
09:01:15.0392 5464 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:01:15.0395 5464 mrxsmb20 - ok
09:01:15.0467 5464 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:01:15.0467 5464 msahci - ok
09:01:15.0538 5464 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:01:15.0553 5464 msdsm - ok
09:01:15.0736 5464 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:01:15.0739 5464 MSDTC - ok
09:01:15.0784 5464 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:01:15.0786 5464 Msfs - ok
09:01:15.0802 5464 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:01:15.0803 5464 mshidkmdf - ok
09:01:15.0895 5464 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:01:15.0903 5464 msisadrv - ok
09:01:15.0963 5464 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:01:15.0975 5464 MSiSCSI - ok
09:01:15.0979 5464 msiserver - ok
09:01:15.0992 5464 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:01:16.0002 5464 MSKSSRV - ok
09:01:16.0019 5464 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:01:16.0021 5464 MSPCLOCK - ok
09:01:16.0033 5464 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:01:16.0044 5464 MSPQM - ok
09:01:16.0120 5464 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:01:16.0127 5464 MsRPC - ok
09:01:16.0144 5464 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:01:16.0147 5464 mssmbios - ok
09:01:16.0158 5464 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:01:16.0180 5464 MSTEE - ok
09:01:16.0206 5464 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:01:16.0210 5464 MTConfig - ok
09:01:16.0231 5464 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:01:16.0243 5464 Mup - ok
09:01:16.0285 5464 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:01:16.0289 5464 napagent - ok
09:01:16.0375 5464 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:01:16.0381 5464 NativeWifiP - ok
09:01:16.0493 5464 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:01:16.0501 5464 NDIS - ok
09:01:16.0519 5464 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:01:16.0522 5464 NdisCap - ok
09:01:16.0541 5464 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:01:16.0566 5464 NdisTapi - ok
09:01:16.0613 5464 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:01:16.0640 5464 Ndisuio - ok
09:01:16.0725 5464 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:01:16.0743 5464 NdisWan - ok
09:01:16.0795 5464 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:01:16.0849 5464 NDProxy - ok
09:01:17.0063 5464 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
09:01:17.0068 5464 Nero BackItUp Scheduler 4.0 - ok
09:01:17.0133 5464 Net Driver HPZ12 (b6cba9a0403e2c1a9ea03c33a4932e89) C:\Windows\system32\HPZinw12.dll
09:01:17.0135 5464 Net Driver HPZ12 - ok
09:01:17.0204 5464 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
09:01:17.0206 5464 Netaapl - ok
09:01:17.0252 5464 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:01:17.0271 5464 NetBIOS - ok
09:01:17.0365 5464 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:01:17.0368 5464 NetBT - ok
09:01:17.0466 5464 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:01:17.0468 5464 Netlogon - ok
09:01:17.0516 5464 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:01:17.0521 5464 Netman - ok
09:01:17.0768 5464 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:17.0772 5464 NetMsmqActivator - ok
09:01:17.0961 5464 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:17.0963 5464 NetPipeActivator - ok
09:01:18.0226 5464 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:01:18.0231 5464 netprofm - ok
09:01:18.0754 5464 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:18.0756 5464 NetTcpActivator - ok
09:01:18.0759 5464 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:18.0761 5464 NetTcpPortSharing - ok
09:01:20.0733 5464 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
09:01:20.0889 5464 NETw5s64 - ok
09:01:21.0112 5464 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:01:21.0114 5464 nfrd960 - ok
09:01:21.0182 5464 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:01:21.0187 5464 NlaSvc - ok
09:01:21.0371 5464 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
09:01:21.0375 5464 nmservice - ok
09:01:21.0447 5464 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
09:01:21.0509 5464 NPF - ok
09:01:21.0528 5464 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:01:21.0544 5464 Npfs - ok
09:01:21.0563 5464 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:01:21.0567 5464 nsi - ok
09:01:21.0625 5464 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:01:21.0626 5464 nsiproxy - ok
09:01:21.0895 5464 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:01:21.0937 5464 Ntfs - ok
09:01:22.0081 5464 ntk_PowerDVD (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
09:01:22.0082 5464 ntk_PowerDVD - ok
09:01:22.0232 5464 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:01:22.0260 5464 Null - ok
09:01:22.0322 5464 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:01:22.0338 5464 nvraid - ok
09:01:22.0372 5464 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:01:22.0388 5464 nvstor - ok
09:01:22.0420 5464 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:01:22.0434 5464 nv_agp - ok
09:01:22.0479 5464 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:01:22.0481 5464 ohci1394 - ok
09:01:22.0593 5464 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:01:22.0595 5464 ose - ok
09:01:23.0129 5464 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:01:23.0154 5464 osppsvc - ok
09:01:23.0383 5464 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:01:23.0388 5464 p2pimsvc - ok
09:01:23.0490 5464 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:01:23.0497 5464 p2psvc - ok
09:01:23.0806 5464 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:01:23.0809 5464 Parport - ok
09:01:23.0850 5464 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:01:23.0853 5464 partmgr - ok
09:01:23.0905 5464 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:01:23.0909 5464 PcaSvc - ok
09:01:23.0958 5464 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:01:23.0960 5464 pci - ok
09:01:23.0987 5464 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:01:23.0998 5464 pciide - ok
09:01:24.0051 5464 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:01:24.0056 5464 pcmcia - ok
09:01:24.0107 5464 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:01:24.0119 5464 pcw - ok
09:01:24.0215 5464 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:01:24.0237 5464 PEAUTH - ok
09:01:24.0406 5464 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
09:01:24.0422 5464 PeerDistSvc - ok
09:01:24.0515 5464 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:01:24.0518 5464 PerfHost - ok
09:01:25.0092 5464 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:01:25.0123 5464 pla - ok
09:01:25.0281 5464 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:01:25.0291 5464 PlugPlay - ok
09:01:25.0355 5464 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll
09:01:25.0357 5464 Pml Driver HPZ12 - ok
09:01:25.0482 5464 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
09:01:25.0483 5464 pnarp - ok
09:01:25.0513 5464 pneteth (427c638cc33ec406d988abed7bbc1289) C:\Windows\system32\DRIVERS\pneteth.sys
09:01:25.0514 5464 pneteth - ok
09:01:25.0538 5464 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:01:25.0542 5464 PNRPAutoReg - ok
09:01:25.0657 5464 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:01:25.0661 5464 PNRPsvc - ok
09:01:25.0741 5464 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:01:25.0747 5464 PolicyAgent - ok
09:01:25.0818 5464 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:01:25.0821 5464 Power - ok
09:01:25.0939 5464 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:01:25.0956 5464 PptpMiniport - ok
09:01:26.0187 5464 prepdrvr (3a603dd6466569970bd99dfb4c63bbc7) C:\Windows\SysWOW64\CCM\prepdrv.sys
09:01:26.0271 5464 prepdrvr - ok
09:01:26.0355 5464 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:01:26.0368 5464 Processor - ok
09:01:26.0434 5464 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:01:26.0438 5464 ProfSvc - ok
09:01:26.0490 5464 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:01:26.0491 5464 ProtectedStorage - ok
09:01:26.0572 5464 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:01:26.0574 5464 Psched - ok
09:01:26.0692 5464 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
09:01:26.0734 5464 purendis - ok
09:01:26.0940 5464 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:01:26.0991 5464 ql2300 - ok
09:01:27.0199 5464 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:01:27.0202 5464 ql40xx - ok
09:01:27.0281 5464 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:01:27.0353 5464 QWAVE - ok
09:01:27.0383 5464 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:01:27.0448 5464 QWAVEdrv - ok
09:01:27.0487 5464 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:01:27.0536 5464 RasAcd - ok
09:01:27.0589 5464 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:01:27.0621 5464 RasAgileVpn - ok
09:01:27.0642 5464 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:01:27.0646 5464 RasAuto - ok
09:01:27.0691 5464 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:01:27.0705 5464 Rasl2tp - ok
09:01:27.0777 5464 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:01:27.0783 5464 RasMan - ok
09:01:27.0817 5464 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:01:27.0819 5464 RasPppoe - ok
09:01:27.0947 5464 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:01:27.0960 5464 RasSstp - ok
09:01:28.0154 5464 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:01:28.0169 5464 rdbss - ok
09:01:28.0189 5464 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:01:28.0191 5464 rdpbus - ok
09:01:28.0215 5464 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:01:28.0216 5464 RDPCDD - ok
09:01:28.0282 5464 RDPDISPM (bdf2db2f19945afaf102a2c03062efb1) C:\Windows\system32\DRIVERS\rdpdispm.sys
09:01:28.0290 5464 RDPDISPM - ok
09:01:28.0522 5464 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
09:01:28.0524 5464 RDPDR - ok
09:01:28.0601 5464 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:01:28.0603 5464 RDPENCDD - ok
09:01:28.0643 5464 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:01:28.0644 5464 RDPREFMP - ok
09:01:28.0767 5464 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
09:01:28.0782 5464 RdpVideoMiniport - ok
09:01:28.0868 5464 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:01:28.0871 5464 RDPWD - ok
09:01:29.0366 5464 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:01:29.0371 5464 rdyboost - ok
09:01:29.0605 5464 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:01:29.0610 5464 RegSrvc - ok
09:01:29.0660 5464 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:01:29.0664 5464 RemoteAccess - ok
09:01:29.0711 5464 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:01:29.0715 5464 RemoteRegistry - ok
09:01:29.0803 5464 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:01:29.0808 5464 RFCOMM - ok
09:01:29.0892 5464 RichVideo - ok
09:01:29.0933 5464 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
09:01:29.0934 5464 rpcapd - ok
09:01:29.0972 5464 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:01:29.0975 5464 RpcEptMapper - ok
09:01:30.0003 5464 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:01:30.0006 5464 RpcLocator - ok
09:01:30.0136 5464 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:01:30.0140 5464 RpcSs - ok
09:01:30.0175 5464 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:01:30.0177 5464 rspndr - ok
09:01:30.0756 5464 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:01:30.0759 5464 RTL8167 - ok
09:01:30.0828 5464 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
09:01:30.0841 5464 s3cap - ok
09:01:30.0881 5464 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:01:30.0883 5464 SamSs - ok
09:01:30.0925 5464 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:01:30.0940 5464 sbp2port - ok
09:01:31.0153 5464 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:01:31.0169 5464 SBSDWSCService - ok
09:01:31.0225 5464 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:01:31.0343 5464 SCardSvr - ok
09:01:31.0418 5464 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:01:31.0420 5464 scfilter - ok
09:01:31.0520 5464 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:01:31.0532 5464 Schedule - ok
09:01:31.0581 5464 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:01:31.0582 5464 SCPolicySvc - ok
09:01:31.0617 5464 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:01:31.0622 5464 SDRSVC - ok
09:01:31.0657 5464 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:01:31.0693 5464 secdrv - ok
09:01:31.0741 5464 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:01:31.0775 5464 seclogon - ok
09:01:31.0797 5464 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:01:31.0799 5464 SENS - ok
09:01:31.0818 5464 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:01:31.0822 5464 SensrSvc - ok
09:01:31.0837 5464 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:01:31.0857 5464 Serenum - ok
09:01:31.0886 5464 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:01:31.0899 5464 Serial - ok
09:01:31.0938 5464 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:01:31.0940 5464 sermouse - ok
09:01:32.0009 5464 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:01:32.0012 5464 SessionEnv - ok
09:01:32.0084 5464 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:01:32.0101 5464 sffdisk - ok
09:01:32.0116 5464 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:01:32.0186 5464 sffp_mmc - ok
09:01:32.0206 5464 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:01:32.0283 5464 sffp_sd - ok
09:01:32.0317 5464 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:01:32.0380 5464 sfloppy - ok
09:01:32.0444 5464 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:01:32.0448 5464 SharedAccess - ok
09:01:32.0561 5464 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:01:32.0566 5464 ShellHWDetection - ok
09:01:32.0587 5464 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:01:32.0596 5464 SiSRaid2 - ok
09:01:32.0624 5464 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:01:32.0636 5464 SiSRaid4 - ok
09:01:32.0837 5464 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
09:01:32.0839 5464 SkypeUpdate - ok
09:01:32.0858 5464 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:01:32.0861 5464 Smb - ok
09:01:32.0982 5464 smstsmgr - ok
09:01:33.0043 5464 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:01:33.0046 5464 SNMPTRAP - ok
09:01:33.0074 5464 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:01:33.0085 5464 spldr - ok
09:01:33.0159 5464 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:01:33.0166 5464 Spooler - ok
09:01:33.0450 5464 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:01:33.0501 5464 sppsvc - ok
09:01:33.0681 5464 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:01:33.0684 5464 sppuinotify - ok
09:01:33.0842 5464 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:01:33.0865 5464 srv - ok
09:01:33.0927 5464 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:01:33.0943 5464 srv2 - ok
09:01:33.0986 5464 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:01:33.0989 5464 srvnet - ok
09:01:34.0026 5464 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:01:34.0030 5464 SSDPSRV - ok
09:01:34.0064 5464 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:01:34.0067 5464 SstpSvc - ok
09:01:34.0115 5464 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:01:34.0124 5464 stexstor - ok
09:01:34.0242 5464 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:01:34.0250 5464 stisvc - ok
09:01:34.0321 5464 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
09:01:34.0330 5464 storflt - ok
09:01:34.0409 5464 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
09:01:34.0412 5464 StorSvc - ok
09:01:34.0429 5464 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:01:34.0445 5464 storvsc - ok
09:01:34.0485 5464 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:01:34.0496 5464 swenum - ok
09:01:34.0542 5464 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:01:34.0551 5464 swprv - ok
09:01:34.0574 5464 Synth3dVsc - ok
09:01:34.0636 5464 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
09:01:34.0652 5464 SynTP - ok
09:01:34.0875 5464 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:01:34.0894 5464 SysMain - ok
09:01:35.0036 5464 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:01:35.0040 5464 TabletInputService - ok
09:01:35.0125 5464 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:01:35.0131 5464 TapiSrv - ok
09:01:35.0174 5464 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:01:35.0177 5464 TBS - ok
09:01:35.0386 5464 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:01:35.0444 5464 Tcpip - ok
09:01:35.0937 5464 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:01:35.0947 5464 TCPIP6 - ok
09:01:36.0192 5464 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:01:36.0203 5464 tcpipreg - ok
09:01:36.0233 5464 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:01:36.0244 5464 TDPIPE - ok
09:01:36.0290 5464 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:01:36.0291 5464 TDTCP - ok
09:01:36.0491 5464 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:01:36.0508 5464 tdx - ok
09:01:36.0865 5464 TeamViewer6 (12eb792f908d263381162d9bb304b520) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
09:01:36.0900 5464 TeamViewer6 - ok
09:01:37.0426 5464 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
09:01:37.0465 5464 TeamViewer7 - ok
09:01:37.0868 5464 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:01:37.0884 5464 TermDD - ok
09:01:38.0315 5464 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:01:38.0324 5464 TermService - ok
09:01:38.0376 5464 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:01:38.0379 5464 Themes - ok
09:01:38.0418 5464 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:01:38.0420 5464 THREADORDER - ok
09:01:38.0456 5464 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:01:38.0460 5464 TrkWks - ok
09:01:39.0004 5464 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:01:39.0007 5464 TrustedInstaller - ok
09:01:39.0074 5464 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:01:39.0075 5464 tssecsrv - ok
09:01:39.0125 5464 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:01:39.0127 5464 TsUsbFlt - ok
09:01:39.0130 5464 tsusbhub - ok
09:01:39.0181 5464 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:01:39.0183 5464 tunnel - ok
09:01:39.0207 5464 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:01:39.0262 5464 uagp35 - ok
09:01:39.0437 5464 uArcCapture (9eea84226ed2a028bc3fdfdde03fe95c) C:\Windows\system\uArcCapture.exe
09:01:39.0440 5464 uArcCapture - ok
09:01:39.0562 5464 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:01:39.0706 5464 udfs - ok
09:01:39.0758 5464 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:01:39.0762 5464 UI0Detect - ok
09:01:39.0840 5464 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:01:39.0846 5464 uliagpkx - ok
09:01:39.0934 5464 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:01:39.0957 5464 umbus - ok
09:01:39.0983 5464 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:01:39.0985 5464 UmPass - ok
09:01:40.0059 5464 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
09:01:40.0063 5464 UmRdpService - ok
09:01:40.0649 5464 UNS (44aa8d5d3b3b5610fef46ca8a9c52d8c) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:01:40.0661 5464 UNS - ok
09:01:40.0869 5464 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:01:40.0875 5464 upnphost - ok
09:01:41.0477 5464 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:01:41.0478 5464 USBAAPL64 - ok
09:01:41.0563 5464 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
09:01:41.0567 5464 usbaudio - ok
09:01:41.0767 5464 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:01:41.0771 5464 usbccgp - ok
09:01:41.0843 5464 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:01:41.0856 5464 usbcir - ok
09:01:41.0909 5464 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:01:41.0946 5464 usbehci - ok
09:01:41.0977 5464 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:01:42.0003 5464 usbhub - ok
09:01:42.0034 5464 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:01:42.0055 5464 usbohci - ok
09:01:42.0142 5464 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:01:42.0154 5464 usbprint - ok
09:01:42.0218 5464 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:01:42.0310 5464 usbscan - ok
09:01:42.0377 5464 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:01:42.0379 5464 USBSTOR - ok
09:01:42.0412 5464 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:01:42.0460 5464 usbuhci - ok
09:01:42.0550 5464 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:01:42.0555 5464 usbvideo - ok
09:01:42.0607 5464 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:01:42.0610 5464 UxSms - ok
09:01:42.0666 5464 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:01:42.0667 5464 VaultSvc - ok
09:01:42.0739 5464 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:01:42.0741 5464 vdrvroot - ok
09:01:42.0857 5464 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:01:42.0940 5464 vds - ok
09:01:42.0994 5464 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:01:42.0996 5464 vga - ok
09:01:43.0030 5464 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:01:43.0032 5464 VgaSave - ok
09:01:43.0051 5464 VGPU - ok
09:01:43.0104 5464 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:01:43.0108 5464 vhdmp - ok
09:01:43.0159 5464 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:01:43.0161 5464 viaide - ok
09:01:43.0390 5464 VMAuthdService (94cf2d157c8fd9089afa5da78aa64c65) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
09:01:43.0391 5464 VMAuthdService - ok
09:01:43.0471 5464 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
09:01:43.0482 5464 vmbus - ok
09:01:43.0521 5464 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:01:43.0523 5464 VMBusHID - ok
09:01:43.0784 5464 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
09:01:43.0795 5464 vmci - ok
09:01:43.0914 5464 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
09:01:43.0955 5464 VMnetAdapter - ok
09:01:44.0031 5464 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
09:01:44.0042 5464 VMnetBridge - ok
09:01:44.0067 5464 VMnetDHCP - ok
09:01:44.0087 5464 VMnetuserif (a17ee27acb84b230ac65936a3484495f) C:\Windows\system32\drivers\vmnetuserif.sys
09:01:44.0098 5464 VMnetuserif - ok
09:01:44.0267 5464 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
09:01:44.0276 5464 vmusb - ok
09:01:44.0621 5464 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
09:01:44.0701 5464 VMUSBArbService - ok
09:01:44.0758 5464 VMware NAT Service - ok
09:01:47.0949 5464 VMwareHostd (8c01ae115e9e6806a25a9b5136fd6fc0) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
09:01:48.0181 5464 VMwareHostd - ok
09:01:48.0386 5464 vmx86 (9843a0d68ea81817f9b713fc37372cbb) C:\Windows\system32\drivers\vmx86.sys
09:01:48.0401 5464 vmx86 - ok
09:01:48.0449 5464 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:01:48.0452 5464 volmgr - ok
09:01:48.0592 5464 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:01:48.0598 5464 volmgrx - ok
09:01:48.0704 5464 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:01:48.0710 5464 volsnap - ok
09:01:48.0743 5464 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:01:48.0755 5464 vsmraid - ok
09:01:48.0907 5464 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:01:48.0928 5464 VSS - ok
09:01:49.0246 5464 vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
09:01:49.0281 5464 vstor2-mntapi10-shared - ok
09:01:49.0387 5464 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:01:49.0453 5464 vwifibus - ok
09:01:49.0484 5464 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:01:49.0496 5464 vwififlt - ok
09:01:49.0522 5464 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:01:49.0523 5464 vwifimp - ok
09:01:49.0706 5464 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:01:49.0734 5464 W32Time - ok
09:01:49.0753 5464 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:01:49.0788 5464 WacomPen - ok
09:01:49.0840 5464 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:01:49.0843 5464 WANARP - ok
09:01:49.0847 5464 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:01:49.0848 5464 Wanarpv6 - ok
09:01:49.0962 5464 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:01:49.0969 5464 WatAdminSvc - ok
09:01:50.0256 5464 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:01:50.0284 5464 wbengine - ok
09:01:50.0509 5464 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:01:50.0522 5464 WbioSrvc - ok
09:01:50.0594 5464 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:01:50.0599 5464 wcncsvc - ok
09:01:50.0622 5464 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:01:50.0640 5464 WcsPlugInService - ok
09:01:50.0710 5464 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:01:50.0712 5464 Wd - ok
09:01:50.0784 5464 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:01:50.0817 5464 Wdf01000 - ok
09:01:50.0892 5464 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:01:50.0896 5464 WdiServiceHost - ok
09:01:50.0899 5464 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:01:50.0902 5464 WdiSystemHost - ok
09:01:50.0976 5464 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:01:50.0982 5464 WebClient - ok
09:01:51.0024 5464 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:01:51.0029 5464 Wecsvc - ok
09:01:51.0053 5464 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:01:51.0057 5464 wercplsupport - ok
09:01:51.0085 5464 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:01:51.0088 5464 WerSvc - ok
09:01:51.0123 5464 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:01:51.0135 5464 WfpLwf - ok
09:01:51.0160 5464 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:01:51.0162 5464 WIMMount - ok
09:01:51.0251 5464 WinDefend - ok
09:01:51.0292 5464 WinHttpAutoProxySvc - ok
09:01:51.0423 5464 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:01:51.0426 5464 Winmgmt - ok
09:01:52.0061 5464 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:01:52.0089 5464 WinRM - ok
09:01:52.0436 5464 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
09:01:52.0437 5464 WinUSB - ok
09:01:52.0503 5464 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:01:52.0516 5464 Wlansvc - ok
09:01:52.0791 5464 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:01:52.0792 5464 wlcrasvc - ok
09:01:54.0377 5464 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:01:54.0389 5464 wlidsvc - ok
09:01:54.0555 5464 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:01:54.0558 5464 WmiAcpi - ok
09:01:54.0845 5464 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:01:54.0849 5464 wmiApSrv - ok
09:01:54.0901 5464 WMPNetworkSvc - ok
09:01:54.0939 5464 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:01:55.0025 5464 WPCSvc - ok
09:01:55.0074 5464 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:01:55.0078 5464 WPDBusEnum - ok
09:01:55.0101 5464 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:01:55.0107 5464 ws2ifsl - ok
09:01:55.0146 5464 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:01:55.0149 5464 wscsvc - ok
09:01:55.0153 5464 WSearch - ok
09:01:55.0360 5464 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:01:55.0383 5464 wuauserv - ok
09:01:55.0562 5464 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:01:55.0577 5464 WudfPf - ok
09:01:55.0602 5464 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:01:55.0604 5464 WUDFRd - ok
09:01:55.0691 5464 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:01:55.0695 5464 wudfsvc - ok
09:01:55.0757 5464 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:01:55.0809 5464 WwanSvc - ok
09:01:56.0271 5464 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
09:01:56.0273 5464 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
09:01:56.0414 5464 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:01:56.0817 5464 \Device\Harddisk0\DR0 - ok
09:01:56.0820 5464 Boot (0x1200) (5f9f73432d3f752c4b3ae667bab4c415) \Device\Harddisk0\DR0\Partition0
09:01:56.0821 5464 \Device\Harddisk0\DR0\Partition0 - ok
09:01:56.0833 5464 Boot (0x1200) (f010a728c55e8a04b06a246f95bbd5f7) \Device\Harddisk0\DR0\Partition1
09:01:56.0834 5464 \Device\Harddisk0\DR0\Partition1 - ok
09:01:56.0873 5464 Boot (0x1200) (d59d1649cb2d3ac53cbdaf68356ad625) \Device\Harddisk0\DR0\Partition2
09:01:56.0875 5464 \Device\Harddisk0\DR0\Partition2 - ok
09:01:56.0952 5464 Boot (0x1200) (4d51af3c3efeab2e13a68a8c412770e8) \Device\Harddisk0\DR0\Partition3
09:01:56.0953 5464 \Device\Harddisk0\DR0\Partition3 - ok
09:01:56.0954 5464 ============================================================
09:01:56.0954 5464 Scan finished
09:01:56.0954 5464 ============================================================
09:01:56.0964 7952 Detected object count: 0
09:01:56.0964 7952 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 20 May 2012 - 08:41 PM

Greetings iori_argami

That report looks good so let me have the aswMBR report when it is complete



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 20 May 2012 - 09:19 PM

Hi Gringo,

I do hope the same thing too. Here's the log from asw. Although the kaspersky log looks ok. But i still have the same problem which i mention earlier. inside C:\windows\installer\{xxxx}\u\ there's file stil self generating. and my c:\windows\syswow64\svchost still hog on to 100% of my cpu. i can only use process explorer to suspend it.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 09:04:05
-----------------------------
09:04:05.487 OS Version: Windows x64 6.1.7601 Service Pack 1
09:04:05.487 Number of processors: 4 586 0x2502
09:04:05.489 ComputerName: JULIUS UserName: kkheng
09:04:09.865 Initialze error C000010E - driver not loaded
09:04:09.926 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
09:05:38.321 AVAST engine defs: 12052001
09:05:43.012 Service scanning
09:06:03.192 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 32
09:06:03.978 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 32
09:06:27.395 Service ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys **LOCKED** 32
09:06:30.993 Service prepdrvr C:\Windows\SysWOW64\CCM\prepdrv.sys **LOCKED** 32
09:06:51.252 Service vstor2-mntapi10-shared C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys **LOCKED** 32
09:06:56.143 Service {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl **LOCKED** 32
09:06:56.655 Modules scanning
09:06:56.658 Disk 0 trace - called modules:
09:06:56.662
09:06:59.148 AVAST engine scan C:\Windows
09:07:05.884 AVAST engine scan C:\Windows\system32
09:11:08.621 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:11:16.316 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:17:10.052 AVAST engine scan C:\Windows\system32\drivers
09:18:37.196 AVAST engine scan C:\Users\kkheng
10:11:27.982 AVAST engine scan C:\ProgramData
10:15:02.026 Scan finished successfully
10:16:19.721 The log file has been saved successfully to "C:\Users\kkheng\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 20 May 2012 - 09:44 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 20 May 2012 - 10:01 PM

Hi Gringo,

I have question, do i need to resume the problematic svchost in order to capture all log files? Below is the log file (i had resume the svchost)

SystemLook 30.07.11 by jpshortstuff
Log created at 10:54 on 21/05/2012 by kkheng
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 20 May 2012 - 10:29 PM

Greetings


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\Windows\System32\services.exe 

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 20 May 2012 - 11:08 PM

Hi Gringo,

I tried to run Combofix (both normal or safe mode) but it seems i'm not able to run. Both with or without the CFScript.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 20 May 2012 - 11:19 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 iori_argami

iori_argami
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 20 May 2012 - 11:42 PM

Hi Gringo,

OTL logfile created on: 5/21/2012 12:21:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\kkheng\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 5.19 Gb Available Physical Memory | 65.99% Memory free
19.97 Gb Paging File | 17.05 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293.20 Gb Total Space | 151.74 Gb Free Space | 51.75% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.03 Gb Free Space | 1.49% Space Free | Partition Type: FAT32
Drive G: | 2.01 Gb Total Space | 0.02 Gb Free Space | 0.79% Space Free | Partition Type: NTFS

Computer Name: JULIUS | User Name: kkheng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kkheng\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\kkheng\Downloads\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe (深圳市普联技术有限公司)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\TP-LINK\MFP and Storage Server\PSMDLL.dll ()
MOD - C:\Program Files (x86)\TP-LINK\MFP and Storage Server\DCPDLL.dll ()
MOD - C:\Program Files (x86)\TP-LINK\MFP and Storage Server\UNTPDLL.dll ()
MOD - C:\Program Files (x86)\TP-LINK\MFP and Storage Server\ESTLogDLL.dll ()
MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPDayStarterService) -- C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe (Kaspersky Lab ZAO)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (uArcCapture) -- C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CcmExec) -- C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\SysWOW64\CCM\TSManager.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (KLFLTDEV) -- C:\Windows\SysNative\drivers\klfltdev.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RDPDISPM) -- C:\Windows\SysNative\drivers\rdpdispm.sys (Microsoft Corporation)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (EST_Server) -- C:\Windows\SysNative\drivers\GenHC.sys ( )
DRV:64bit: - (EST_BusEnum) -- C:\Windows\SysNative\drivers\GenBus.sys ( )
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - (prepdrvr) -- C:\Windows\SysWOW64\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sharepoint
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sharepoint
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sharepoint
IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 3E 62 90 CC 71 CC 01 [binary data]
IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-758114258-3968903629-661088288-1849\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.austinheights.edu.my:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.backup.ftp: "8.8.8.8"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "8.8.8.8"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "8.8.8.8"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.200.189"
FF - prefs.js..network.proxy.ftp_port: 9505
FF - prefs.js..network.proxy.gopher: "webdefence.global.blackspider.com"
FF - prefs.js..network.proxy.gopher_port: 8081
FF - prefs.js..network.proxy.http: "192.168.200.189"
FF - prefs.js..network.proxy.http_port: 9505
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.200.189"
FF - prefs.js..network.proxy.socks_port: 9505
FF - prefs.js..network.proxy.ssl: "192.168.200.189"
FF - prefs.js..network.proxy.ssl_port: 9505
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kkheng\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/06 10:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 08:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 17:35:09 | 000,000,000 | ---D | M]

[2010/08/23 10:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kkheng\AppData\Roaming\mozilla\Extensions
[2012/05/02 16:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kkheng\AppData\Roaming\mozilla\Firefox\Profiles\u1piopx9.default\extensions
[2012/05/07 08:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/27 21:09:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/07 08:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/05/03 08:31:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/21 13:09:28 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/03/07 14:34:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/07 14:34:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/20 01:20:10 | 000,442,125 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15217 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-758114258-3968903629-661088288-1849..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-758114258-3968903629-661088288-1849..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-758114258-3968903629-661088288-1849..\Run: [MFP and Storage Server] C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe (深圳市普联技术有限公司)
O4 - HKU\S-1-5-21-758114258-3968903629-661088288-1849..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-758114258-3968903629-661088288-1849..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\kkheng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKU\S-1-5-21-758114258-3968903629-661088288-1849\..Trusted Domains: microsoft.com ([sftasia.one] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} https://sftasia.one.microsoft.com/SAXFileEE.cab (SAXFileEE ActiveX Control)
O16 - DPF: {BCD8A973-8E6A-4A86-ACE0-73389E9EED00} https://172.16.10.1/iClientAx.cab?pid=2A139CC421F0A8064BCB (WinClient)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alphamatic.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7545A1E8-87F3-4C2F-A32D-64D110298662}: DhcpNameServer = 192.168.0.201 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BB5E654-7D27-4FC3-9983-F43C19350396}: DhcpNameServer = 192.168.0.235 192.168.0.238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89DBB6E9-1EAB-41C8-B041-8B1BB1C14825}: DhcpNameServer = 172.16.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA8BB4AE-DE9F-46D3-9B84-C7EEF4E1D248}: DhcpNameServer = 203.92.128.189 203.92.128.151
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 12:02:10 | 000,035,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP152.SYS
[2012/05/21 11:55:47 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/21 08:39:50 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{642F086D-1BF6-40AD-8A4B-64FC0DE875A9}
[2012/05/21 08:39:37 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{E3A4D477-1040-4B13-B91F-7BA1A0DD681B}
[2012/05/20 05:57:45 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/20 01:14:14 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/20 00:13:44 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\CrashDumps
[2012/05/19 17:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/19 17:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/19 17:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/19 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Roaming\Safer Networking
[2012/05/19 16:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/05/19 16:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/05/19 16:35:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/19 16:28:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 14:47:22 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\kkheng\Desktop\Combo-Fix.exe
[2012/05/19 14:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 8 for Windows
[2012/05/19 14:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/19 14:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/05/19 14:08:29 | 000,636,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/05/19 13:49:14 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{4CBE677A-73C3-4302-8830-E33579073420}
[2012/05/19 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{58063710-6591-473F-88C8-2756FBA02384}
[2012/05/18 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/05/18 09:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DLLSuite
[2012/05/18 09:42:43 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\SvchostViewer
[2012/05/18 08:51:54 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{7776D0DD-A832-4E93-890A-424B5AF36EB6}
[2012/05/18 08:51:43 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{7A9CB720-919F-46D5-84E5-86768D3C36E2}
[2012/05/17 15:51:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/17 15:51:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/17 15:51:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/17 15:51:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/17 15:51:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/17 15:23:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/17 15:23:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/17 15:22:59 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/17 15:22:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/17 15:22:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/17 15:22:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/17 15:22:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/05/17 15:22:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/17 15:22:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/17 15:22:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/17 15:22:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/17 15:08:39 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/05/17 15:08:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/05/17 15:08:39 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/05/17 14:51:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/17 14:51:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/17 14:51:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/17 14:51:26 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/05/17 14:51:23 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/05/17 14:51:23 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/05/17 14:51:23 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/05/17 14:51:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/05/17 14:51:22 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/05/17 14:51:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/05/17 14:51:20 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/05/17 14:51:18 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/05/17 14:51:18 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/05/17 14:51:18 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/05/17 14:51:18 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/05/17 14:51:12 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/17 14:50:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/05/17 14:50:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/05/17 14:50:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/05/17 14:50:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/05/17 14:50:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/05/17 14:50:20 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/05/17 14:47:45 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Roaming\Malwarebytes
[2012/05/17 14:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/17 14:47:30 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/05/17 14:47:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/05/17 14:47:27 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/05/17 14:47:16 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/05/17 14:47:16 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/05/17 14:47:16 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/05/17 14:23:56 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/05/17 14:23:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/05/17 10:55:16 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{79D694FD-7489-4A99-981F-40BE80E118CE}
[2012/05/17 10:55:05 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{81A6A03C-FC73-4183-8FE1-C013262A3F8A}
[2012/05/16 22:54:51 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{EF317EA1-669A-4BC1-9FCD-4C41AEA354D0}
[2012/05/16 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{39B92751-A6F5-4659-8BC2-308004CA25D9}
[2012/05/16 08:42:38 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{411C10DC-9514-4E3C-8B3E-11351C668733}
[2012/05/16 08:42:27 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{3ABD2741-222B-4A8E-AD74-B0C18BA521B6}
[2012/05/11 12:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/05/11 11:10:52 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012/05/11 11:10:14 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012/05/11 11:10:12 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012/05/11 11:10:10 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012/05/11 11:10:07 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012/05/11 11:08:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2012/05/11 11:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/05/11 09:12:22 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{3649C64B-90A4-477F-8DDE-840463817D94}
[2012/05/11 09:12:11 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{6865E1BC-FA34-4A09-A24E-15EB82978B94}
[2012/05/10 12:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
[2012/05/10 12:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync
[2012/05/10 12:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Lync
[2012/05/10 12:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCSetup
[2012/05/10 08:26:41 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{6ED0AE65-1979-46C9-B66B-8321C5B17FCD}
[2012/05/10 08:25:22 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{4E98A095-0CD7-40CE-8A79-5C51DB386B98}
[2012/05/09 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/05/09 14:38:41 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012/05/09 14:38:40 | 000,102,832 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2012/05/09 08:22:50 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{663AC54A-B3E5-41FF-8F15-0A3990AD40C0}
[2012/05/09 08:21:33 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{65BA5739-A456-4337-9B9E-1719943F5587}
[2012/05/08 11:36:32 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{E9476FD9-1381-4118-9F27-73594F191775}
[2012/05/08 11:34:32 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{EA77F88B-9F93-4803-89D7-4CE2DE85298D}
[2012/05/07 22:16:40 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{3DD3365F-A833-429C-951C-1E80DB1CF231}
[2012/05/07 22:15:22 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{A924D579-4338-49FC-B01D-63EC5B632AE7}
[2012/05/07 08:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/07 08:59:07 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/07 08:59:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/07 08:59:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/07 08:59:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/07 08:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/07 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{F1C49C23-7D93-4FE9-A592-145583F476AB}
[2012/05/07 08:23:33 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{87E55F4B-E1A0-4573-B93C-BA3E791FDC52}
[2012/05/04 08:48:04 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{F943733F-DA75-49B1-ADFE-AE1C8ED7E2EB}
[2012/05/04 08:47:53 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{B415F250-3694-4657-AB2C-FB1F35B40586}
[2012/05/03 08:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 08:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/03 08:24:57 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{7CC87186-15DE-4336-A0F4-AA75701FC845}
[2012/05/03 08:24:42 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{7DFA5253-E26D-4CFB-A2CA-653341B5ACC6}
[2012/05/02 08:26:52 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{676F860E-60DA-4ED4-A064-C7E8B2B0DCCB}
[2012/05/02 08:26:35 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{FEF7EAC3-6E5F-4D52-94D1-271E15E564AF}
[2012/04/30 18:26:28 | 000,252,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnc.dll
[2012/04/30 17:22:42 | 000,062,064 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2012/04/30 17:22:42 | 000,048,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2012/04/30 17:22:42 | 000,045,680 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2012/04/30 17:22:42 | 000,024,176 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2012/04/30 17:22:42 | 000,020,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2012/04/27 08:17:01 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{87F38F85-B582-4D4A-8438-E019C73920BE}
[2012/04/27 08:16:44 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{838C31E7-86E6-43E4-8884-6B81C1095C09}
[2012/04/26 08:23:54 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{E2BF3350-2A32-4ED8-9FD2-248A86A62EC2}
[2012/04/26 08:23:01 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{CE520E3B-CD73-4726-BD1F-844A259BCEA9}
[2012/04/25 08:21:27 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{0C784942-D7A0-476A-9753-F4CF323FBFEB}
[2012/04/25 08:20:09 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{961075A7-4714-47EE-B2BD-BE18E5FB99DD}
[2012/04/24 08:31:21 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{3510AC05-B527-4D56-9B72-C5972E22C074}
[2012/04/24 08:30:57 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{D363DB7D-E4B5-417B-9138-9B47A1A5BF85}
[2012/04/23 08:25:52 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{149C0602-D5C6-4F03-AA9C-56B569423738}
[2012/04/23 08:24:33 | 000,000,000 | ---D | C] -- C:\Users\kkheng\AppData\Local\{65B23A57-5BEC-4A77-B602-47B61879F1BF}
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 12:29:38 | 000,001,066 | -HS- | M] () -- C:\Windows\KLIF.spi
[2012/05/21 12:10:25 | 005,456,836 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/21 12:10:25 | 000,750,870 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/21 12:10:25 | 000,745,562 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/05/21 12:10:25 | 000,702,310 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/21 12:10:25 | 000,667,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/21 12:10:25 | 000,514,868 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/05/21 12:10:25 | 000,434,946 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012/05/21 12:10:25 | 000,423,352 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012/05/21 12:10:25 | 000,160,264 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/21 12:10:25 | 000,150,722 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/21 12:10:25 | 000,148,728 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/05/21 12:10:25 | 000,124,134 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012/05/21 12:10:25 | 000,124,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/21 12:10:25 | 000,122,422 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012/05/21 12:10:25 | 000,100,412 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/05/21 12:10:25 | 000,071,668 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/21 12:10:25 | 000,068,762 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/05/21 12:10:25 | 000,064,850 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012/05/21 12:10:25 | 000,040,764 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012/05/21 12:10:25 | 000,039,632 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012/05/21 12:10:25 | 000,029,340 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/21 12:10:25 | 000,028,334 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/05/21 12:10:25 | 000,027,710 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012/05/21 12:10:25 | 000,024,658 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012/05/21 12:10:25 | 000,024,658 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012/05/21 12:08:17 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 12:08:17 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 12:04:38 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/05/21 12:02:10 | 000,035,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP152.SYS
[2012/05/21 11:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/21 11:57:59 | 4143,374,335 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/20 01:20:10 | 000,442,125 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/19 16:25:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120520-012010.backup
[2012/05/19 16:25:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120519-171104.backup
[2012/05/19 16:25:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120519-171045.backup
[2012/05/19 14:52:24 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\kkheng\Desktop\Combo-Fix.exe
[2012/05/19 14:09:34 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/05/19 14:09:34 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/05/19 14:08:29 | 000,636,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/05/17 16:31:40 | 000,001,131 | ---- | M] () -- C:\Users\kkheng\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/17 15:41:19 | 002,356,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/17 15:15:55 | 005,400,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/16 17:06:25 | 000,001,986 | -H-- | M] () -- C:\Users\kkheng\Documents\Default.rdp
[2012/05/11 11:11:04 | 000,001,028 | ---- | M] () -- C:\Users\kkheng\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/05/11 11:09:41 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/11 11:09:18 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012/05/10 17:29:43 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/10 17:29:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/10 17:29:07 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/09 14:38:41 | 000,287,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012/05/09 14:38:41 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012/05/09 14:38:40 | 000,102,832 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2012/05/07 08:59:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/07 08:59:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/07 08:59:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/07 08:58:59 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/07 08:58:59 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/30 20:42:44 | 000,063,088 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012/04/30 20:42:42 | 000,942,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012/04/30 20:42:26 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012/04/30 20:42:14 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012/04/30 20:40:52 | 000,030,320 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012/04/30 18:26:28 | 000,252,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWow64\vmnc.dll
[2012/04/30 17:22:42 | 000,062,064 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2012/04/30 17:22:42 | 000,048,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2012/04/30 17:22:42 | 000,045,680 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2012/04/30 17:22:42 | 000,024,176 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2012/04/30 17:22:42 | 000,020,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/21 12:04:29 | 000,000,904 | -HS- | C] () -- C:\Windows\KLIF.spi
[2012/05/19 14:09:34 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/05/19 14:09:34 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/05/17 15:51:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/17 15:51:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/17 15:51:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/17 15:51:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/17 15:51:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/11 11:11:04 | 000,001,028 | ---- | C] () -- C:\Users\kkheng\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/05/11 11:09:17 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012/01/05 13:36:51 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011/04/27 12:41:34 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/03/04 13:27:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/09/30 22:43:21 | 000,000,147 | ---- | C] () -- C:\Users\kkheng\AppData\Roaming\default.rss
[2010/09/20 11:54:13 | 005,400,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/20 11:53:30 | 000,000,474 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/09/01 14:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/08/22 01:52:52 | 000,000,128 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/21 18:04:18 | 000,007,605 | ---- | C] () -- C:\Users\kkheng\AppData\Local\resmon.resmoncfg
[2010/08/21 14:38:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini
[2010/08/21 14:35:18 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/08/20 22:56:16 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/08/20 22:39:09 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/20 22:39:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/20 22:39:07 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/20 22:39:07 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/20 22:39:07 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/20 15:00:44 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/08/20 15:00:19 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/08/20 15:00:06 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/08/20 14:28:52 | 000,007,436 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/17 10:06:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/26 01:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users