Rootkit Detected: Backdoor.win64.zaccess


  • This topic is locked
25 replies to this topic

#1 ccjjallday

ccjjallday

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 10 June 2012 - 01:13 PM

I can't get rid of this damn thing. I'm using Kaspersky.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 AM

Posted 10 June 2012 - 11:55 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ccjjallday

ccjjallday
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 11 June 2012 - 04:30 PM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Ospina at 17:25:00 on 2012-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8183.6227 [GMT -4:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Ospina\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [FontExpertType1Loader] C:\Program Files (x86)\FontExpert\Type1Loader.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Ospina\Desktop\PartyPoker.lnk
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: hewitt.com\lb29.bpo
Trusted Zone: mphro.com\tkweb-sso.rogers
Trusted Zone: rogers.com\webmail.rci
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://iportal.sickkids.ca/InternalSite/WhlCompMgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{185EF36A-BFA3-43D5-9A31-2084D8FFD238} : DhcpNameServer = 192.168.0.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [FontExpertType1Loader] C:\Program Files (x86)\FontExpert\Type1Loader.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Ospina\Desktop\PartyPoker.lnk
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ospina\AppData\Roaming\Mozilla\Firefox\Profiles\bhi1rk3f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\Ospina\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Ospina\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Users\Ospina\AppData\Roaming\Mozilla\Firefox\Profiles\bhi1rk3f.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-1 92160]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-25 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-10-31 150928]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-2 116648]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 253088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-10-31 487312]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-18 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-2 116648]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;"c:\Program Files\Microsoft Security Client\NisSrv.exe" --> c:\Program Files\Microsoft Security Client\NisSrv.exe [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-08 18:36:08 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D57FF12D-CC24-4865-BC48-A7AB2C2B27E0}\offreg.dll
2012-06-08 18:13:33 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D57FF12D-CC24-4865-BC48-A7AB2C2B27E0}\mpengine.dll
2012-06-08 18:13:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-08 15:29:51 98816 ----a-w- C:\Windows\sed.exe
2012-06-08 15:29:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-08 15:29:51 256000 ----a-w- C:\Windows\PEV.exe
2012-06-08 15:29:51 208896 ----a-w- C:\Windows\MBR.exe
2012-06-07 09:32:32 -------- d-----w- C:\ProgramData\Sophos
2012-06-07 09:32:24 73728 ----a-r- C:\Users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-07 09:32:24 73728 ----a-r- C:\Users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-07 09:32:24 73728 ----a-r- C:\Users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-07 09:32:20 -------- d-----w- C:\Program Files (x86)\Sophos
2012-06-07 09:31:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 07:58:47 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-07 07:58:47 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-06-07 06:55:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96CC27FE-859D-4347-BACE-A80DE17F0BD0}\offreg.dll
2012-06-07 06:04:09 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{654D7477-957B-4CE6-A840-C43F4B5C0A98}\gapaengine.dll
2012-06-07 06:04:07 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96CC27FE-859D-4347-BACE-A80DE17F0BD0}\mpengine.dll
2012-06-07 06:02:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-07 06:02:54 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-07 05:10:34 -------- d-----w- C:\Program Files\ESET
2012-06-01 13:47:43 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-28 11:58:52 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-28 11:58:26 -------- d-----w- C:\Users\Ospina\AppData\Local\PunkBuster
2012-05-28 11:39:08 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-05-28 11:36:17 -------- d-----w- C:\ProgramData\EA Core
2012-05-28 11:34:52 -------- d-----w- C:\ProgramData\EA Logs
2012-05-28 10:51:32 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-05-28 05:23:03 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-28 05:23:03 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-28 05:22:46 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-22 15:42:04 -------- d-----w- C:\Users\Ospina\AppData\Local\{1671B6CE-E8A3-4401-AFBC-FF0EE666C712}
.
==================== Find3M ====================
.
2012-04-24 04:06:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 04:06:46 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 17:25:24.27 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/01/2010 12:08:35 AM
System Uptime: 10/06/2012 3:42:36 PM (26 hours ago)
.
Motherboard: Dell Inc. | | 0X231R
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 492.286 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP285: 10/06/2012 3:06:03 PM - Scheduled Checkpoint
RP286: 11/06/2012 5:15:53 PM - Windows Backup
RP287: 11/06/2012 5:17:00 PM - Windows Backup
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Apple Application Support
Apple Software Update
µTorrent
Batman - Arkham City
Batman: Arkham City™
Battlefield 3™
Battlelog Web Plugins
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BufferChm
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Coby Media Manager
Compatibility Pack for the 2007 Office system
Connect
ConvertXtoDVD 4.0.9.322
Copy
Counter-Strike: Source
Counter-Strike: Source Beta
CyberLink PowerDirector
D3DX10
Dell Getting Started Guide
Destinations
DeviceDiscovery
DirectXInstallService
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DJ_AIO_03_F4200_Software_Min
DolbyFiles
Dual-Core Optimizer
EASEUS Data Recovery Wizard Professional 5.0.1
EMC 10 Content
eReg
ESN Sonar
F4200
Fable III
FL Studio 8
FontExpert 2009
Free Realms Installer
FrostWire 4.21.7
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
iCare Data Recovery 4.1
IL Download Manager
ImagXpress
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Kaspersky Internet Security 2012
Kingconvert Video Converter
kuler
LIMBO Demo
Live 8.0.4
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft Choice Guard
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Movie Templates - Starter Kit
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
Noise Reduction Plug-in 2.0i
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PartyPoker
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PoiZone
PowerDVD DX
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Rosetta Stone Version 3
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
RSH Home Networking Wizard
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Sophos Virus Removal Tool
Sound Forge Pro 10.0
SoundTrax
StarCraft II
Status
Steam
Suite Shared Configuration CS4
System Requirements Lab
Team Fortress 2
Toolbox
TrayApp
TurboTax 2010
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Virtual DJ Pro Full - Atomix Productions
VLC media player 1.0.5
VoiceOver Kit
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Upload Tool
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WorldWinner Games
.
==== Event Viewer Messages From Past Week ========
.
11/06/2012 5:01:06 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/06/2012 5:01:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/06/2012 3:03:58 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
08/06/2012 7:56:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.1592.0).
08/06/2012 6:44:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
08/06/2012 6:36:55 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
08/06/2012 6:36:52 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the BFE service which failed to start because of the following error: Access is denied.
08/06/2012 6:36:48 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.
08/06/2012 6:36:48 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
08/06/2012 6:36:26 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894
08/06/2012 6:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 5:36:25 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 5:36:16 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
08/06/2012 5:36:15 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
08/06/2012 5:36:14 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
08/06/2012 4:37:10 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
08/06/2012 4:24:45 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
08/06/2012 2:55:28 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: Access is denied.
08/06/2012 2:48:39 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
08/06/2012 2:46:10 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {B43A0C1E-B63F-4691-B68F-CD807A45DA01}. The error: "5" Happened while starting this command: C:\Windows\system32\TSWbPrxy.exe -Embedding
08/06/2012 11:41:33 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
08/06/2012 11:40:32 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
08/06/2012 11:39:46 AM, Error: Application Popup [1060] - \??\C:\123.exe\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
08/06/2012 11:34:12 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
08/06/2012 11:32:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
08/06/2012 11:29:12 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:29:12 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 11:29:11 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
08/06/2012 11:28:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:21 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/06/2012 11:27:18 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
08/06/2012 11:27:18 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
07/06/2012 4:19:34 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
07/06/2012 3:46:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
07/06/2012 3:35:38 AM, Error: Microsoft Antimalware [1119] -
07/06/2012 3:17:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:17:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
07/06/2012 3:17:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07/06/2012 3:16:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07/06/2012 3:16:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07/06/2012 3:16:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
07/06/2012 3:16:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
07/06/2012 3:16:29 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:16:29 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:16:27 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:10:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
07/06/2012 3:10:37 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:10:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
07/06/2012 3:10:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
07/06/2012 3:09:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07/06/2012 3:09:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/06/2012 3:07:13 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
07/06/2012 2:41:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
07/06/2012 2:38:17 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
07/06/2012 12:37:54 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
07/06/2012 12:13:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Works 9 (KB2680317).
07/06/2012 1:40:27 AM, Error: Service Control Manager [7003] - The epfwwfp service depends the following service: BFE. This service might not be installed.
07/06/2012 1:10:59 AM, Error: Service Control Manager [7030] - The Eset install launcher (14703) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 AM

Posted 11 June 2012 - 04:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ccjjallday


Posted 11 June 2012 - 05:45 PM

ComboFix 12-06-11.04 - Ospina 11/06/2012 18:21:27.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8183.6447 [GMT -4:00]
Running from: c:\users\Ospina\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\@
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\n
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U\00000001.@
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U\80000000.@
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U\800000cb.@
.
---- Previous Run -------
.
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\@
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\n
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U\00000001.@
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U\80000000.@
c:\windows\Installer\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U\800000cb.@
.
.
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 22:31 . 2012-06-11 22:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-11 22:31 . 2012-06-11 22:31 -------- d-----w- c:\users\Mcx1-OSPINA-PC\AppData\Local\temp
2012-06-11 22:31 . 2012-06-11 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 18:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D57FF12D-CC24-4865-BC48-A7AB2C2B27E0}\mpengine.dll
2012-06-07 09:32 . 2012-06-07 09:32 -------- d-----w- c:\programdata\Sophos
2012-06-07 09:32 . 2012-06-07 09:32 73728 ----a-r- c:\users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-07 09:32 . 2012-06-07 09:32 73728 ----a-r- c:\users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-07 09:32 . 2012-06-07 09:32 73728 ----a-r- c:\users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-07 09:32 . 2012-06-07 09:32 -------- d-----w- c:\program files (x86)\Sophos
2012-06-07 09:31 . 2012-06-07 09:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 07:58 . 2012-06-11 22:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-07 07:58 . 2012-06-07 07:58 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-07 06:55 . 2012-06-07 07:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96CC27FE-859D-4347-BACE-A80DE17F0BD0}\offreg.dll
2012-06-07 06:04 . 2012-06-07 06:04 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{654D7477-957B-4CE6-A840-C43F4B5C0A98}\gapaengine.dll
2012-06-07 06:04 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96CC27FE-859D-4347-BACE-A80DE17F0BD0}\mpengine.dll
2012-06-07 06:02 . 2012-06-07 07:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-07 06:02 . 2012-06-07 07:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-07 05:10 . 2012-06-07 05:10 -------- d-----w- c:\program files\ESET
2012-06-02 21:19 . 2012-06-02 21:20 -------- d-----w- c:\program files (x86)\Google
2012-06-01 13:47 . 2012-06-01 13:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-28 11:58 . 2012-05-28 11:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-28 11:58 . 2012-05-28 11:58 -------- d-----w- c:\users\Ospina\AppData\Local\PunkBuster
2012-05-28 11:39 . 2012-05-28 11:39 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-05-28 11:36 . 2012-05-28 11:36 -------- d-----w- c:\programdata\EA Core
2012-05-28 11:34 . 2012-05-28 11:56 -------- d-----w- c:\programdata\EA Logs
2012-05-28 10:51 . 2012-05-28 10:51 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-05-28 05:23 . 2012-05-28 11:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-28 05:23 . 2012-05-28 11:48 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-28 05:22 . 2012-05-28 11:47 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 04:06 . 2012-04-24 04:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 04:06 . 2012-04-24 04:06 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 06:05 . 2012-05-12 05:38 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 05:38 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 05:38 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 05:38 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 05:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-12 05:38 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-08_18.04.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-08 22:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-08 15:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-08 15:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 15:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-01 03:20 . 2012-06-08 18:14 42666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-08 22:20 30946 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-15 06:53 . 2012-06-08 22:20 15694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1734162872-4050056206-3852058921-1000_UserData.bin
+ 2012-06-11 21:35 . 2012-06-11 22:16 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012061120120612\index.dat
+ 2012-06-11 21:35 . 2012-06-11 21:31 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012060420120611\index.dat
- 2012-06-01 13:47 . 2012-06-08 16:10 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-01 13:47 . 2012-06-11 22:16 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-06-01 13:47 . 2012-06-08 16:21 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-01 13:47 . 2012-06-11 22:16 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-01-15 06:00 . 2012-06-08 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 06:00 . 2012-06-11 22:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-15 06:00 . 2012-06-08 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-15 06:00 . 2012-06-11 22:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-08 15:41 . 2012-06-08 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 22:32 . 2012-06-11 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 22:32 . 2012-06-11 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-08 15:41 . 2012-06-08 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-16 14:07 . 2012-06-11 21:01 674844 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-06-10 17:52 630542 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-08 15:45 630542 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-08 15:45 111626 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-10 17:52 111626 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-06-11 22:34 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-06-08 15:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-15 04:06 . 2012-06-11 22:34 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 04:06 . 2012-06-11 22:34 4718592 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-15 04:06 . 2012-06-08 17:55 4718592 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-11 22:34 1884160 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-06-08 15:40 1300296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-11 22:31 1300296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-28 01:31 . 2012-06-11 22:31 47746048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1734162872-4050056206-3852058921-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2008-12-14 294152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 116648]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-10-31 487312]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-18 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 116648]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 04:06]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 21:19]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 21:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: hewitt.com\lb29.bpo
Trusted Zone: mphro.com\tkweb-sso.rogers
Trusted Zone: rogers.com\webmail.rci
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ospina\AppData\Roaming\Mozilla\Firefox\Profiles\bhi1rk3f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000_Classes\Wow6432Node\CLSID\{1832a074-07e6-4046-bfbb-7cb4418cd63e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000046
"Therad"=dword:0000001b
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e2,27,f9,7d,83,32,b8,24,da,a8,cd,82,ff,ea,ba,13,20,b6,af,0e,11,
c3,5b,88,2e,36,48,c5,ef,49,91,e8,0e,b5,1c,69,ef,23,1c,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-06-11 18:40:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 22:40
ComboFix2.txt 2012-06-08 18:07
.
Pre-Run: 528,201,904,128 bytes free
Post-Run: 527,991,836,672 bytes free
.
- - End Of File - - 791815613030842DDA092CDB8232C8CD




My computer is running fine, but the trojan virus is still detected

#6 gringo_pr


Posted 11 June 2012 - 05:48 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 ccjjallday


Posted 11 June 2012 - 08:47 PM

19:28:08.0043 3748 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:28:08.0479 3748 ============================================================
19:28:08.0479 3748 Current date / time: 2012/06/11 19:28:08.0479
19:28:08.0479 3748 SystemInfo:
19:28:08.0479 3748
19:28:08.0479 3748 OS Version: 6.1.7601 ServicePack: 1.0
19:28:08.0479 3748 Product type: Workstation
19:28:08.0479 3748 ComputerName: OSPINA-PC
19:28:08.0479 3748 UserName: Ospina
19:28:08.0479 3748 Windows directory: C:\Windows
19:28:08.0479 3748 System windows directory: C:\Windows
19:28:08.0479 3748 Running under WOW64
19:28:08.0479 3748 Processor architecture: Intel x64
19:28:08.0479 3748 Number of processors: 8
19:28:08.0479 3748 Page size: 0x1000
19:28:08.0479 3748 Boot type: Normal boot
19:28:08.0479 3748 ============================================================
19:28:09.0571 3748 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:28:09.0587 3748 ============================================================
19:28:09.0587 3748 \Device\Harddisk0\DR0:
19:28:09.0587 3748 MBR partitions:
19:28:09.0587 3748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:28:09.0587 3748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
19:28:09.0587 3748 ============================================================
19:28:09.0634 3748 C: <-> \Device\Harddisk0\DR0\Partition1
19:28:09.0634 3748 ============================================================
19:28:09.0634 3748 Initialize success
19:28:09.0634 3748 ============================================================
19:28:21.0583 4464 ============================================================
19:28:21.0583 4464 Scan started
19:28:21.0583 4464 Mode: Manual;
19:28:21.0583 4464 ============================================================
19:28:23.0471 4464 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:28:23.0471 4464 AxInstSV - ok
19:28:23.0502 4464 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:28:23.0502 4464 b06bdrv - ok
19:28:23.0533 4464 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:28:23.0533 4464 b57nd60a - ok
19:28:23.0565 4464 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:28:23.0565 4464 BDESVC - ok
19:28:23.0580 4464 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:28:23.0580 4464 Beep - ok
19:28:23.0627 4464 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:28:23.0643 4464 BITS - ok
19:28:23.0658 4464 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:28:23.0658 4464 blbdrive - ok
19:28:23.0736 4464 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:28:23.0752 4464 Bonjour Service - ok
19:28:23.0783 4464 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:28:23.0783 4464 bowser - ok
19:28:23.0799 4464 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:28:23.0799 4464 BrFiltLo - ok
19:28:23.0799 4464 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:28:23.0799 4464 BrFiltUp - ok
19:28:23.0814 4464 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:28:23.0814 4464 BridgeMP - ok
19:28:23.0861 4464 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:28:23.0861 4464 Browser - ok
19:28:23.0892 4464 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:28:23.0892 4464 Brserid - ok
19:28:23.0908 4464 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:23.0908 4464 BrSerWdm - ok
19:28:23.0923 4464 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:23.0923 4464 BrUsbMdm - ok
19:28:23.0923 4464 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:23.0923 4464 BrUsbSer - ok
19:28:23.0939 4464 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:28:23.0939 4464 BTHMODEM - ok
19:28:23.0955 4464 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:28:23.0955 4464 bthserv - ok
19:28:23.0986 4464 catchme - ok
19:28:24.0001 4464 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:28:24.0001 4464 cdfs - ok
19:28:24.0033 4464 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:28:24.0033 4464 cdrom - ok
19:28:24.0048 4464 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:28:24.0048 4464 CertPropSvc - ok
19:28:24.0064 4464 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:28:24.0064 4464 circlass - ok
19:28:24.0111 4464 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:28:24.0111 4464 CLFS - ok
19:28:24.0173 4464 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:24.0173 4464 clr_optimization_v2.0.50727_32 - ok
19:28:24.0235 4464 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:28:24.0235 4464 clr_optimization_v2.0.50727_64 - ok
19:28:24.0313 4464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:28:24.0313 4464 clr_optimization_v4.0.30319_32 - ok
19:28:24.0360 4464 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:28:24.0360 4464 clr_optimization_v4.0.30319_64 - ok
19:28:24.0376 4464 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:24.0376 4464 CmBatt - ok
19:28:24.0391 4464 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:28:24.0391 4464 cmdide - ok
19:28:24.0438 4464 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:28:24.0454 4464 CNG - ok
19:28:24.0469 4464 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:28:24.0469 4464 Compbatt - ok
19:28:24.0485 4464 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:28:24.0485 4464 CompositeBus - ok
19:28:24.0485 4464 COMSysApp - ok
19:28:24.0501 4464 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:28:24.0501 4464 crcdisk - ok
19:28:24.0532 4464 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:28:24.0532 4464 CryptSvc - ok
19:28:24.0579 4464 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:28:24.0579 4464 DcomLaunch - ok
19:28:24.0625 4464 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:28:24.0625 4464 defragsvc - ok
19:28:24.0657 4464 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:28:24.0657 4464 DfsC - ok
19:28:24.0688 4464 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
19:28:24.0703 4464 dg_ssudbus - ok
19:28:24.0719 4464 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:28:24.0719 4464 Dhcp - ok
19:28:24.0735 4464 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:28:24.0735 4464 discache - ok
19:28:24.0750 4464 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:28:24.0750 4464 Disk - ok
19:28:24.0813 4464 DMService (4e82a6c63af27769d116eab576e5357e) C:\Windows\DOWNLO~1\DMService.exe
19:28:24.0813 4464 DMService - ok
19:28:24.0844 4464 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:28:24.0844 4464 Dnscache - ok
19:28:24.0937 4464 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
19:28:24.0937 4464 DockLoginService - ok
19:28:24.0969 4464 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:28:24.0969 4464 dot3svc - ok
19:28:25.0031 4464 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
19:28:25.0031 4464 Dot4 - ok
19:28:25.0062 4464 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
19:28:25.0062 4464 Dot4Print - ok
19:28:25.0093 4464 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
19:28:25.0093 4464 dot4usb - ok
19:28:25.0140 4464 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:28:25.0140 4464 DPS - ok
19:28:25.0156 4464 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:28:25.0156 4464 drmkaud - ok
19:28:25.0234 4464 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:28:25.0234 4464 DXGKrnl - ok
19:28:25.0281 4464 eamonm (29b06c2346fc6c39d073391f73fc4bb0) C:\Windows\system32\DRIVERS\eamonm.sys
19:28:25.0296 4464 eamonm - ok
19:28:25.0312 4464 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:28:25.0312 4464 EapHost - ok
19:28:25.0483 4464 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:28:25.0499 4464 ebdrv - ok
19:28:25.0593 4464 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:28:25.0593 4464 EFS - ok
19:28:25.0655 4464 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:28:25.0671 4464 ehRecvr - ok
19:28:25.0702 4464 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:28:25.0702 4464 ehSched - ok
19:28:25.0749 4464 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:28:25.0749 4464 elxstor - ok
19:28:25.0780 4464 epfw (6be46c1caf414c10cf58cc44191a9ff1) C:\Windows\system32\DRIVERS\epfw.sys
19:28:25.0780 4464 epfw - ok
19:28:25.0811 4464 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:28:25.0811 4464 ErrDev - ok
19:28:25.0873 4464 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:28:25.0889 4464 EventSystem - ok
19:28:25.0905 4464 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:28:25.0905 4464 exfat - ok
19:28:25.0936 4464 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:28:25.0936 4464 fastfat - ok
19:28:25.0983 4464 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:28:25.0983 4464 Fax - ok
19:28:25.0998 4464 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:28:25.0998 4464 fdc - ok
19:28:26.0014 4464 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:28:26.0014 4464 fdPHost - ok
19:28:26.0014 4464 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:28:26.0014 4464 FDResPub - ok
19:28:26.0029 4464 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:28:26.0029 4464 FileInfo - ok
19:28:26.0045 4464 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:28:26.0045 4464 Filetrace - ok
19:28:26.0139 4464 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:28:26.0154 4464 FLEXnet Licensing Service - ok
19:28:26.0232 4464 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:28:26.0248 4464 FLEXnet Licensing Service 64 - ok
19:28:26.0341 4464 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:28:26.0341 4464 flpydisk - ok
19:28:26.0373 4464 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:28:26.0388 4464 FltMgr - ok
19:28:26.0451 4464 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:28:26.0466 4464 FontCache - ok
19:28:26.0529 4464 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:28:26.0529 4464 FontCache3.0.0.0 - ok
19:28:26.0544 4464 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:28:26.0544 4464 FsDepends - ok
19:28:26.0591 4464 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:28:26.0591 4464 fssfltr - ok
19:28:26.0747 4464 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:28:26.0763 4464 fsssvc - ok
19:28:26.0809 4464 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:28:26.0825 4464 Fs_Rec - ok
19:28:26.0856 4464 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:28:26.0856 4464 fvevol - ok
19:28:26.0872 4464 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:28:26.0872 4464 gagp30kx - ok
19:28:26.0903 4464 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:28:26.0903 4464 GEARAspiWDM - ok
19:28:26.0965 4464 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:28:26.0965 4464 gpsvc - ok
19:28:27.0028 4464 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:28:27.0028 4464 gupdate - ok
19:28:27.0028 4464 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:28:27.0028 4464 gupdatem - ok
19:28:27.0043 4464 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:28:27.0043 4464 hcw85cir - ok
19:28:27.0075 4464 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:28:27.0075 4464 HDAudBus - ok
19:28:27.0090 4464 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:28:27.0090 4464 HidBatt - ok
19:28:27.0121 4464 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:28:27.0121 4464 HidBth - ok
19:28:27.0137 4464 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:28:27.0137 4464 HidIr - ok
19:28:27.0168 4464 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:28:27.0168 4464 hidserv - ok
19:28:27.0168 4464 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:28:27.0168 4464 HidUsb - ok
19:28:27.0199 4464 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:28:27.0199 4464 hkmsvc - ok
19:28:27.0246 4464 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:28:27.0246 4464 HomeGroupListener - ok
19:28:27.0277 4464 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:28:27.0277 4464 HomeGroupProvider - ok
19:28:27.0387 4464 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:28:27.0387 4464 hpqcxs08 - ok
19:28:27.0402 4464 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:28:27.0402 4464 hpqddsvc - ok
19:28:27.0418 4464 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:28:27.0418 4464 HpSAMD - ok
19:28:27.0480 4464 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:28:27.0480 4464 HTTP - ok
19:28:27.0511 4464 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:28:27.0511 4464 hwpolicy - ok
19:28:27.0543 4464 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:28:27.0543 4464 i8042prt - ok
19:28:27.0589 4464 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:28:27.0589 4464 iaStor - ok
19:28:27.0636 4464 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:28:27.0636 4464 iaStorV - ok
19:28:27.0745 4464 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:28:27.0745 4464 idsvc - ok
19:28:27.0777 4464 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:28:27.0777 4464 iirsp - ok
19:28:27.0839 4464 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:28:27.0839 4464 IKEEXT - ok
19:28:27.0948 4464 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
19:28:27.0948 4464 IntcAzAudAddService - ok
19:28:28.0042 4464 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:28:28.0042 4464 intelide - ok
19:28:28.0042 4464 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:28:28.0042 4464 intelppm - ok
19:28:28.0089 4464 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:28:28.0089 4464 IPBusEnum - ok
19:28:28.0120 4464 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:28.0120 4464 IpFilterDriver - ok
19:28:28.0182 4464 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:28:28.0182 4464 iphlpsvc - ok
19:28:28.0198 4464 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:28:28.0198 4464 IPMIDRV - ok
19:28:28.0213 4464 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:28:28.0213 4464 IPNAT - ok
19:28:28.0291 4464 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
19:28:28.0307 4464 iPod Service - ok
19:28:28.0307 4464 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:28:28.0307 4464 IRENUM - ok
19:28:28.0323 4464 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:28:28.0323 4464 isapnp - ok
19:28:28.0354 4464 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:28:28.0354 4464 iScsiPrt - ok
19:28:28.0416 4464 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:28:28.0416 4464 k57nd60a - ok
19:28:28.0416 4464 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:28:28.0416 4464 kbdclass - ok
19:28:28.0432 4464 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:28:28.0432 4464 kbdhid - ok
19:28:28.0447 4464 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:28:28.0463 4464 KeyIso - ok
19:28:28.0510 4464 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
19:28:28.0510 4464 KL1 - ok
19:28:28.0525 4464 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
19:28:28.0525 4464 kl2 - ok
19:28:28.0572 4464 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
19:28:28.0588 4464 KLIF - ok
19:28:28.0603 4464 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
19:28:28.0603 4464 KLIM6 - ok
19:28:28.0603 4464 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
19:28:28.0603 4464 klmouflt - ok
19:28:28.0635 4464 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:28:28.0650 4464 KSecDD - ok
19:28:28.0666 4464 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:28:28.0666 4464 KSecPkg - ok
19:28:28.0681 4464 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:28:28.0681 4464 ksthunk - ok
19:28:28.0728 4464 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:28:28.0744 4464 KtmRm - ok
19:28:28.0775 4464 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:28:28.0775 4464 LanmanServer - ok
19:28:28.0806 4464 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:28:28.0806 4464 LanmanWorkstation - ok
19:28:28.0915 4464 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:28:28.0931 4464 LBTServ - ok
19:28:28.0962 4464 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:28:28.0962 4464 LHidFilt - ok
19:28:28.0962 4464 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:28:28.0962 4464 lltdio - ok
19:28:28.0993 4464 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:28:28.0993 4464 lltdsvc - ok
19:28:29.0009 4464 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:28:29.0009 4464 lmhosts - ok
19:28:29.0040 4464 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:28:29.0040 4464 LMouFilt - ok
19:28:29.0071 4464 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:28:29.0071 4464 LSI_FC - ok
19:28:29.0071 4464 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:28:29.0087 4464 LSI_SAS - ok
19:28:29.0087 4464 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:28:29.0103 4464 LSI_SAS2 - ok
19:28:29.0118 4464 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:28:29.0118 4464 LSI_SCSI - ok
19:28:29.0149 4464 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:28:29.0149 4464 luafv - ok
19:28:29.0181 4464 LUsbFilt (da3494df01c62d821911ed91ce5e1642) C:\Windows\system32\Drivers\LUsbFilt.Sys
19:28:29.0181 4464 LUsbFilt - ok
19:28:29.0227 4464 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:28:29.0227 4464 Mcx2Svc - ok
19:28:29.0243 4464 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:28:29.0243 4464 megasas - ok
19:28:29.0259 4464 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:28:29.0274 4464 MegaSR - ok
19:28:29.0290 4464 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:28:29.0290 4464 MMCSS - ok
19:28:29.0290 4464 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:28:29.0290 4464 Modem - ok
19:28:29.0321 4464 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:28:29.0321 4464 monitor - ok
19:28:29.0337 4464 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:28:29.0352 4464 mouclass - ok
19:28:29.0352 4464 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:28:29.0352 4464 mouhid - ok
19:28:29.0383 4464 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:28:29.0383 4464 mountmgr - ok
19:28:29.0430 4464 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
19:28:29.0430 4464 MpFilter - ok
19:28:29.0461 4464 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:28:29.0461 4464 mpio - ok
19:28:29.0477 4464 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:28:29.0477 4464 mpsdrv - ok
19:28:29.0508 4464 MpsSvc - ok
19:28:29.0539 4464 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:28:29.0539 4464 MRxDAV - ok
19:28:29.0586 4464 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:29.0586 4464 mrxsmb - ok
19:28:29.0633 4464 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:29.0633 4464 mrxsmb10 - ok
19:28:29.0649 4464 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:29.0649 4464 mrxsmb20 - ok
19:28:29.0664 4464 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:28:29.0664 4464 msahci - ok
19:28:29.0680 4464 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:28:29.0680 4464 msdsm - ok
19:28:29.0695 4464 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:28:29.0695 4464 MSDTC - ok
19:28:29.0727 4464 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:28:29.0727 4464 Msfs - ok
19:28:29.0727 4464 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:28:29.0742 4464 mshidkmdf - ok
19:28:29.0742 4464 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:28:29.0742 4464 msisadrv - ok
19:28:29.0773 4464 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:28:29.0773 4464 MSiSCSI - ok
19:28:29.0773 4464 msiserver - ok
19:28:29.0820 4464 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:28:29.0820 4464 MSKSSRV - ok
19:28:29.0883 4464 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:28:29.0898 4464 MsMpSvc - ok
19:28:29.0898 4464 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:29.0898 4464 MSPCLOCK - ok
19:28:29.0914 4464 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:28:29.0914 4464 MSPQM - ok
19:28:29.0945 4464 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:28:29.0945 4464 MsRPC - ok
19:28:29.0961 4464 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:28:29.0961 4464 mssmbios - ok
19:28:29.0976 4464 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:28:29.0976 4464 MSTEE - ok
19:28:29.0992 4464 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:28:29.0992 4464 MTConfig - ok
19:28:29.0992 4464 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:28:29.0992 4464 Mup - ok
19:28:30.0039 4464 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:28:30.0054 4464 napagent - ok
19:28:30.0085 4464 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:28:30.0085 4464 NativeWifiP - ok
19:28:30.0148 4464 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:28:30.0148 4464 NDIS - ok
19:28:30.0163 4464 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:28:30.0179 4464 NdisCap - ok
19:28:30.0179 4464 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:28:30.0179 4464 NdisTapi - ok
19:28:30.0210 4464 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:28:30.0210 4464 Ndisuio - ok
19:28:30.0226 4464 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:28:30.0226 4464 NdisWan - ok
19:28:30.0257 4464 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:28:30.0273 4464 NDProxy - ok
19:28:30.0694 4464 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:28:30.0709 4464 Nero BackItUp Scheduler 4.0 - ok
19:28:30.0741 4464 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
19:28:30.0741 4464 Net Driver HPZ12 - ok
19:28:30.0756 4464 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:28:30.0756 4464 NetBIOS - ok
19:28:30.0772 4464 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:28:30.0772 4464 NetBT - ok
19:28:30.0787 4464 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:28:30.0787 4464 Netlogon - ok
19:28:30.0834 4464 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:28:30.0834 4464 Netman - ok
19:28:30.0865 4464 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:28:30.0881 4464 netprofm - ok
19:28:30.0959 4464 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:28:30.0959 4464 NetTcpPortSharing - ok
19:28:30.0990 4464 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:28:30.0990 4464 nfrd960 - ok
19:28:31.0021 4464 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:28:31.0021 4464 NisDrv - ok
19:28:31.0068 4464 NisSrv - ok
19:28:31.0099 4464 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:28:31.0115 4464 NlaSvc - ok
19:28:31.0115 4464 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:28:31.0115 4464 Npfs - ok
19:28:31.0146 4464 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:28:31.0146 4464 nsi - ok
19:28:31.0162 4464 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:28:31.0162 4464 nsiproxy - ok
19:28:31.0255 4464 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:28:31.0271 4464 Ntfs - ok
19:28:31.0349 4464 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:28:31.0349 4464 Null - ok
19:28:31.0380 4464 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
19:28:31.0380 4464 NVHDA - ok
19:28:31.0942 4464 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:28:31.0989 4464 nvlddmkm - ok
19:28:32.0082 4464 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:28:32.0082 4464 nvraid - ok
19:28:39.0820 4464 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:28:39.0991 4464 \Device\Harddisk0\DR0 - ok
19:28:39.0991 4464 Boot (0x1200) (91a146e2141a431dc058c951b9566fe4) \Device\Harddisk0\DR0\Partition0
19:28:39.0991 4464 \Device\Harddisk0\DR0\Partition0 - ok
19:28:40.0007 4464 Boot (0x1200) (804c82b0a3a4e695c070ab41e68397c2) \Device\Harddisk0\DR0\Partition1
19:28:40.0007 4464 \Device\Harddisk0\DR0\Partition1 - ok
19:28:40.0007 4464 ============================================================
19:28:40.0007 4464 Scan finished
19:28:40.0007 4464 ============================================================
19:28:40.0023 2260 Detected object count: 0
19:28:40.0023 2260 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 19:31:27
-----------------------------
19:31:27.099 OS Version: Windows x64 6.1.7601 Service Pack 1
19:31:27.099 Number of processors: 8 586 0x1E05
19:31:27.099 ComputerName: OSPINA-PC UserName: Ospina
19:31:28.660 Initialize success
19:32:35.740 AVAST engine defs: 12061101
19:32:42.011 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:32:42.011 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01117 Size: 953869MB BusType: 3
19:32:42.073 Disk 0 MBR read successfully
19:32:42.073 Disk 0 MBR scan
19:32:42.073 Disk 0 Windows VISTA default MBR code
19:32:42.136 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:32:42.151 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:32:42.214 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938828 MB offset 30801920
19:32:42.229 Disk 0 scanning C:\Windows\system32\drivers
19:32:50.872 Service scanning
19:33:06.800 Modules scanning
19:33:06.800 Disk 0 trace - called modules:
19:33:06.815 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:33:06.815 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e4f790]
19:33:06.815 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8007afb570]
19:33:06.831 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b15060]
19:33:08.172 AVAST engine scan C:\Windows
19:33:11.495 AVAST engine scan C:\Windows\system32
19:35:34.345 AVAST engine scan C:\Windows\system32\drivers
19:35:44.578 AVAST engine scan C:\Users\Ospina
20:02:14.925 AVAST engine scan C:\ProgramData
20:51:34.108 Scan finished successfully
21:46:39.818 Disk 0 MBR has been saved successfully to "C:\Users\Ospina\Desktop\clean instructions\MBR.dat"
21:46:39.834 The log file has been saved successfully to "C:\Users\Ospina\Desktop\clean instructions\aswMBR.txt"

#8 gringo_pr

Posted 12 June 2012 - 08:03 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#9 ccjjallday

Posted 13 June 2012 - 09:05 PM

Will this cause me to lose all my personal files?

#10 gringo_pr

Posted 13 June 2012 - 09:13 PM

This will only give me a report.


gringo

#11 ccjjallday

Posted 13 June 2012 - 10:34 PM

Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02
Ran by SYSTEM at 13-06-2012 23:27:24
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-06-25] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [FontExpertType1Loader] C:\Program Files (x86)\FontExpert\Type1Loader.exe [294152 2008-12-14] (Proxima Software)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [202296 2011-04-24] (Kaspersky Lab ZAO)
HKU\Mcx1-OSPINA-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1-OSPINA-PC\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [202296 2011-04-24] (Kaspersky Lab ZAO)
3 DMService; C:\Windows\DOWNLO~1\DMService.exe [487312 2011-10-31] (Microsoft Corporation)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2010-01-17] (Acresso Software Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-05-28] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [247152 2009-04-17] ()
2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
3 catchme; \??\C:\123.exe\catchme.sys [x]
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

3 Dot4Print; C:\Windows\system32\drivers\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [166984 2010-06-24] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [169592 2010-04-28] (ESET)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [615728 2012-06-06] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.sys [41040 2010-03-18] (Logitech, Inc.)
3 MpsSvc; . [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-12 18:19 - 2012-06-12 18:19 - 00007608 ____A C:\Users\Ospina\AppData\Local\Resmon.ResmonCfg
2012-06-12 18:12 - 2012-06-12 18:15 - 01402157 ____A C:\Users\Ospina\Downloads\FRST64.exe
2012-06-11 15:29 - 2012-06-11 15:30 - 04731392 ____A (AVAST Software) C:\Users\Ospina\Downloads\aswMBR.exe
2012-06-11 15:28 - 2012-06-11 15:30 - 00129448 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_19.28.08_log.txt
2012-06-11 15:27 - 2012-06-11 15:27 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ospina\Downloads\tdsskiller(2).exe
2012-06-11 15:26 - 2012-06-11 15:26 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ospina\Downloads\tdsskiller(1).exe
2012-06-11 14:40 - 2012-06-11 14:40 - 00025972 ____A C:\ComboFix.txt
2012-06-11 14:19 - 2012-06-11 14:19 - 04542341 ____R (Swearware) C:\Users\Ospina\Downloads\ComboFix.exe
2012-06-11 13:24 - 2012-06-11 13:24 - 00607260 ____R (Swearware) C:\Users\Ospina\Downloads\dds.scr
2012-06-11 13:19 - 2012-06-11 13:19 - 00853862 ____A C:\Users\Ospina\Downloads\SecurityCheck.exe
2012-06-11 13:18 - 2012-06-11 13:18 - 00000182 ____A C:\Users\Ospina\defogger_reenable
2012-06-11 13:11 - 2012-06-11 13:11 - 00050477 ____A C:\Users\Ospina\Downloads\Defogger.exe
2012-06-11 13:01 - 2012-06-11 17:46 - 00000000 ____D C:\Users\Ospina\Desktop\clean instructions
2012-06-08 10:17 - 2012-06-08 10:17 - 00000632 ____A C:\Users\Ospina\Downloads\TmRCMScanDebug20120608_00.log
2012-06-08 10:16 - 2012-06-08 10:17 - 08570384 ____A (Trend Micro Inc.) C:\Users\Ospina\Downloads\RootkitBuster.exe
2012-06-08 07:29 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-08 07:29 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-08 07:29 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-08 07:29 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-08 07:29 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-08 07:29 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-08 07:29 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-08 07:29 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-08 07:28 - 2012-06-11 14:34 - 00000000 ____D C:\Windows\ERDNT
2012-06-08 07:27 - 2012-06-11 14:40 - 00000000 ____D C:\Qoobox
2012-06-07 23:46 - 2012-06-08 07:29 - 04539027 ____R (Swearware) C:\Users\Ospina\Downloads\123.exe.exe
2012-06-07 01:48 - 2012-06-07 04:03 - 00128598 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.48.26_log.txt
2012-06-07 01:39 - 2012-06-07 01:47 - 00513864 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.39.16_log.txt
2012-06-07 01:32 - 2012-06-07 01:32 - 00003211 ____A C:\Users\Ospina\Desktop\Sophos Virus Removal Tool.lnk
2012-06-07 01:32 - 2012-06-07 01:32 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-07 01:32 - 2012-06-07 01:32 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-06-07 01:31 - 2012-06-07 01:44 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 01:30 - 2012-06-07 01:34 - 00129950 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.30.16_log.txt
2012-06-07 01:29 - 2012-06-07 01:29 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ospina\Downloads\tdsskiller.exe
2012-06-07 01:27 - 2012-06-07 01:31 - 83882024 ____A (Sophos Limited) C:\Users\Ospina\Downloads\Sophos Virus Removal Tool.exe
2012-06-07 01:23 - 2012-06-07 01:23 - 00000237 ____A C:\Users\Ospina\Downloads\RootkitRemover20120607052353.txt
2012-06-07 01:21 - 2012-06-07 01:21 - 00475712 ____A (McAfee, Inc.) C:\Users\Ospina\Downloads\rootkitremover.exe
2012-06-07 00:07 - 2012-06-07 00:07 - 00017408 ____A C:\Users\Ospina\AppData\Local\WebpageIcons.db
2012-06-06 23:59 - 2012-06-06 23:59 - 00152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-06-06 23:59 - 2012-06-06 23:59 - 00107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-06-06 23:58 - 2012-06-13 19:20 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-06 23:58 - 2012-06-06 23:58 - 00615728 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-06-06 23:58 - 2012-06-06 23:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-06-06 23:42 - 2012-06-06 23:43 - 175546056 ____A (Kaspersky Lab) C:\Users\Ospina\Downloads\kis12.0.0.374aEN_2870.exe
2012-06-06 22:45 - 2012-06-06 23:16 - 01287136 ____A C:\Windows\ntbtlog.txt
2012-06-06 22:10 - 2012-06-06 22:10 - 00000359 ____A C:\Users\Ospina\Desktop\Recycle Bin - Shortcut.lnk
2012-06-06 22:04 - 2012-06-06 22:04 - 16773048 ____A (Microsoft Corporation) C:\Users\Ospina\Downloads\Windows-KB890830-x64-V4.8.exe
2012-06-06 22:04 - 2012-04-26 16:08 - 55656824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-06 22:03 - 2012-06-06 23:57 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-06 22:03 - 2012-06-06 22:03 - 16111032 ____A (Microsoft Corporation) C:\Users\Ospina\Downloads\Windows-KB890830-V4.8.exe
2012-06-06 22:02 - 2012-06-06 23:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-06 22:02 - 2012-06-06 23:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-06 22:02 - 2012-06-06 22:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Ospina\Downloads\mseinstall.exe
2012-06-06 22:02 - 2012-06-06 22:02 - 00735282 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 21:35 - 2012-06-06 21:35 - 05154304 ____A C:\Users\Ospina\Downloads\WindowsDefender.msi
2012-06-06 21:22 - 2012-06-06 21:22 - 00007586 ____A C:\Users\Ospina\Downloads\WinDefend.reg
2012-06-06 21:10 - 2012-06-06 21:10 - 00000000 ____D C:\Users\All Users\ESET
2012-06-06 21:10 - 2012-06-06 21:10 - 00000000 ____D C:\Program Files\ESET
2012-06-06 20:06 - 2012-06-06 20:08 - 07045888 ____A C:\Users\Ospina\Downloads\en32 03 June 2012.zip
2012-06-03 06:16 - 2012-06-03 06:16 - 00036352 ____A C:\Users\Ospina\Documents\Qatar Jaju.doc
2012-06-03 06:07 - 2012-06-03 06:07 - 01012648 ____A C:\Windows\Minidump\060312-22136-01.dmp
2012-06-02 13:19 - 2012-06-13 18:24 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-02 13:19 - 2012-06-13 18:03 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-02 13:19 - 2012-06-02 13:20 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-02 10:43 - 2012-06-02 10:43 - 00739832 ____A (Google Inc.) C:\Users\Ospina\Downloads\GoogleEarthPluginSetup.exe
2012-06-02 06:11 - 2012-06-02 06:11 - 01046840 ____A C:\Windows\Minidump\060212-20514-01.dmp
2012-06-01 13:35 - 2012-06-03 06:52 - 00058368 ____A C:\Users\Ospina\Desktop\ADResume12.doc
2012-06-01 13:34 - 2012-06-03 06:49 - 00047104 ____A C:\Users\Ospina\Desktop\Coverletter2012.doc
2012-06-01 05:47 - 2012-06-01 05:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-01 05:43 - 2012-06-01 05:43 - 01022352 ____A C:\Windows\Minidump\060112-17659-01.dmp
2012-05-31 19:55 - 2012-05-31 19:55 - 00000162 ___AH C:\Users\Ospina\Desktop\~$Resume11WSIB.doc
2012-05-31 16:27 - 2012-06-03 06:41 - 00034304 ____A C:\Users\Ospina\Desktop\qatar.doc
2012-05-31 16:27 - 2012-05-31 16:27 - 00000162 ___AH C:\Users\Ospina\Desktop\~$qatar.doc
2012-05-28 03:58 - 2012-05-28 03:58 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-28 03:58 - 2012-05-28 03:58 - 00000000 ____D C:\Users\Ospina\Documents\Battlefield 3
2012-05-28 03:58 - 2012-05-28 03:58 - 00000000 ____D C:\Users\Ospina\AppData\Local\PunkBuster
2012-05-28 03:39 - 2012-05-28 03:39 - 03870984 ____A C:\Users\Ospina\Downloads\battlelog-web-plugins-1.118.0-retail-prod.exe
2012-05-28 03:39 - 2012-05-28 03:39 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-05-28 03:36 - 2012-05-28 03:36 - 00000000 ____D C:\Users\All Users\EA Core
2012-05-28 03:34 - 2012-05-28 03:56 - 00000000 ____D C:\Users\All Users\EA Logs
2012-05-28 02:51 - 2012-05-28 03:48 - 00001176 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2012-05-27 21:23 - 2012-05-28 03:58 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-27 21:23 - 2012-05-28 03:48 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-27 21:22 - 2012-05-28 03:47 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-27 19:32 - 2012-05-27 19:32 - 00001003 ____A C:\Users\Ospina\Desktop\Origin.lnk
2012-05-26 23:05 - 2012-05-26 23:05 - 01046912 ____A C:\Windows\Minidump\052712-19734-01.dmp
2012-05-22 07:53 - 2012-05-22 07:53 - 00011312 ____A C:\Users\Ospina\Desktop\Marriage_Preparation_Registration_Form.pdf
2012-05-22 07:42 - 2012-05-22 07:42 - 00000000 ____D C:\Users\Ospina\AppData\Local\{1671B6CE-E8A3-4401-AFBC-FF0EE666C712}
2012-05-21 08:42 - 2012-05-21 08:44 - 00000000 ____D C:\Users\Ospina\Desktop\Sound Design
2012-05-20 06:17 - 2012-05-20 06:17 - 01032120 ____A C:\Windows\Minidump\052012-18470-01.dmp
2012-05-19 05:20 - 2012-05-19 05:21 - 01076880 ____A C:\Windows\Minidump\051912-17784-01.dmp


============ 3 Months Modified Files and Folders =============

2012-06-13 23:27 - 2012-06-13 23:27 - 00000000 ____D C:\FRST
2012-06-13 19:20 - 2012-06-06 23:58 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-13 19:20 - 2009-12-31 18:59 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-13 19:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-13 19:20 - 2009-07-13 20:51 - 00093691 ____A C:\Windows\setupact.log
2012-06-13 19:06 - 2009-07-13 21:10 - 01831398 ____A C:\Windows\WindowsUpdate.log
2012-06-13 19:03 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 18:24 - 2012-06-02 13:19 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-13 18:21 - 2012-04-23 20:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-13 18:03 - 2012-06-02 13:19 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 18:29 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 18:29 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 18:19 - 2012-06-12 18:19 - 00007608 ____A C:\Users\Ospina\AppData\Local\Resmon.ResmonCfg
2012-06-12 18:15 - 2012-06-12 18:12 - 01402157 ____A C:\Users\Ospina\Downloads\FRST64.exe
2012-06-11 17:46 - 2012-06-11 13:01 - 00000000 ____D C:\Users\Ospina\Desktop\clean instructions
2012-06-11 15:30 - 2012-06-11 15:29 - 04731392 ____A (AVAST Software) C:\Users\Ospina\Downloads\aswMBR.exe
2012-06-11 15:30 - 2012-06-11 15:28 - 00129448 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_19.28.08_log.txt
2012-06-11 15:27 - 2012-06-11 15:27 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ospina\Downloads\tdsskiller(2).exe
2012-06-11 15:26 - 2012-06-11 15:26 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ospina\Downloads\tdsskiller(1).exe
2012-06-11 14:40 - 2012-06-11 14:40 - 00025972 ____A C:\ComboFix.txt
2012-06-11 14:40 - 2012-06-08 07:27 - 00000000 ____D C:\Qoobox
2012-06-11 14:34 - 2012-06-08 07:28 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 14:34 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-11 14:34 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-11 14:32 - 2009-12-31 20:54 - 00352620 ____A C:\Windows\PFRO.log
2012-06-11 14:32 - 2009-07-13 21:08 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 14:19 - 2012-06-11 14:19 - 04542341 ____R (Swearware) C:\Users\Ospina\Downloads\ComboFix.exe
2012-06-11 13:24 - 2012-06-11 13:24 - 00607260 ____R (Swearware) C:\Users\Ospina\Downloads\dds.scr
2012-06-11 13:19 - 2012-06-11 13:19 - 00853862 ____A C:\Users\Ospina\Downloads\SecurityCheck.exe
2012-06-11 13:18 - 2012-06-11 13:18 - 00000182 ____A C:\Users\Ospina\defogger_reenable
2012-06-11 13:18 - 2010-01-14 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-11 13:18 - 2010-01-14 21:08 - 00000000 ____D C:\users\Ospina
2012-06-11 13:11 - 2012-06-11 13:11 - 00050477 ____A C:\Users\Ospina\Downloads\Defogger.exe
2012-06-08 10:17 - 2012-06-08 10:17 - 00000632 ____A C:\Users\Ospina\Downloads\TmRCMScanDebug20120608_00.log
2012-06-08 10:17 - 2012-06-08 10:16 - 08570384 ____A (Trend Micro Inc.) C:\Users\Ospina\Downloads\RootkitBuster.exe
2012-06-08 10:07 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-08 07:29 - 2012-06-07 23:46 - 04539027 ____R (Swearware) C:\Users\Ospina\Downloads\123.exe.exe
2012-06-08 00:36 - 2010-02-19 11:34 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-06-07 04:03 - 2012-06-07 01:48 - 00128598 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.48.26_log.txt
2012-06-07 01:47 - 2012-06-07 01:39 - 00513864 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.39.16_log.txt
2012-06-07 01:44 - 2012-06-07 01:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 01:34 - 2012-06-07 01:30 - 00129950 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.30.16_log.txt
2012-06-07 01:32 - 2012-06-07 01:32 - 00003211 ____A C:\Users\Ospina\Desktop\Sophos Virus Removal Tool.lnk
2012-06-07 01:32 - 2012-06-07 01:32 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-07 01:32 - 2012-06-07 01:32 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-06-07 01:31 - 2012-06-07 01:27 - 83882024 ____A (Sophos Limited) C:\Users\Ospina\Downloads\Sophos Virus Removal Tool.exe
2012-06-07 01:29 - 2012-06-07 01:29 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ospina\Downloads\tdsskiller.exe
2012-06-07 01:23 - 2012-06-07 01:23 - 00000237 ____A C:\Users\Ospina\Downloads\RootkitRemover20120607052353.txt
2012-06-07 01:21 - 2012-06-07 01:21 - 00475712 ____A (McAfee, Inc.) C:\Users\Ospina\Downloads\rootkitremover.exe
2012-06-07 00:07 - 2012-06-07 00:07 - 00017408 ____A C:\Users\Ospina\AppData\Local\WebpageIcons.db
2012-06-06 23:59 - 2012-06-06 23:59 - 00152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-06-06 23:59 - 2012-06-06 23:59 - 00107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-06-06 23:58 - 2012-06-06 23:58 - 00615728 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-06-06 23:58 - 2012-06-06 23:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-06-06 23:57 - 2012-06-06 22:03 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-06 23:57 - 2012-06-06 22:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-06 23:57 - 2012-06-06 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-06 23:43 - 2012-06-06 23:42 - 175546056 ____A (Kaspersky Lab) C:\Users\Ospina\Downloads\kis12.0.0.374aEN_2870.exe
2012-06-06 23:16 - 2012-06-06 22:45 - 01287136 ____A C:\Windows\ntbtlog.txt
2012-06-06 22:46 - 2012-05-08 13:00 - 00000000 ____D C:\Users\Ospina\Desktop\Andy pictures
2012-06-06 22:46 - 2010-11-07 18:04 - 00387584 __ASH C:\Users\Ospina\Desktop\Thumbs.db
2012-06-06 22:10 - 2012-06-06 22:10 - 00000359 ____A C:\Users\Ospina\Desktop\Recycle Bin - Shortcut.lnk
2012-06-06 22:04 - 2012-06-06 22:04 - 16773048 ____A (Microsoft Corporation) C:\Users\Ospina\Downloads\Windows-KB890830-x64-V4.8.exe
2012-06-06 22:03 - 2012-06-06 22:03 - 16111032 ____A (Microsoft Corporation) C:\Users\Ospina\Downloads\Windows-KB890830-V4.8.exe
2012-06-06 22:02 - 2012-06-06 22:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Ospina\Downloads\mseinstall.exe
2012-06-06 22:02 - 2012-06-06 22:02 - 00735282 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 21:35 - 2012-06-06 21:35 - 05154304 ____A C:\Users\Ospina\Downloads\WindowsDefender.msi
2012-06-06 21:22 - 2012-06-06 21:22 - 00007586 ____A C:\Users\Ospina\Downloads\WinDefend.reg
2012-06-06 21:10 - 2012-06-06 21:10 - 00000000 ____D C:\Users\All Users\ESET
2012-06-06 21:10 - 2012-06-06 21:10 - 00000000 ____D C:\Program Files\ESET
2012-06-06 21:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-06 20:36 - 2010-02-01 13:53 - 00000000 ____D C:\Users\Ospina\AppData\Local\ElevatedDiagnostics
2012-06-06 20:18 - 2012-01-10 18:14 - 00000000 __SHD C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}
2012-06-06 20:12 - 2009-12-31 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-06 20:08 - 2012-06-06 20:06 - 07045888 ____A C:\Users\Ospina\Downloads\en32 03 June 2012.zip
2012-06-03 06:52 - 2012-06-01 13:35 - 00058368 ____A C:\Users\Ospina\Desktop\ADResume12.doc
2012-06-03 06:49 - 2012-06-01 13:34 - 00047104 ____A C:\Users\Ospina\Desktop\Coverletter2012.doc
2012-06-03 06:41 - 2012-05-31 16:27 - 00034304 ____A C:\Users\Ospina\Desktop\qatar.doc
2012-06-03 06:16 - 2012-06-03 06:16 - 00036352 ____A C:\Users\Ospina\Documents\Qatar Jaju.doc
2012-06-03 06:07 - 2012-06-03 06:07 - 01012648 ____A C:\Windows\Minidump\060312-22136-01.dmp
2012-06-03 06:07 - 2011-08-03 16:38 - 511208323 ____A C:\Windows\MEMORY.DMP
2012-06-03 06:07 - 2011-08-03 16:38 - 00000000 ____D C:\Windows\Minidump
2012-06-02 13:20 - 2012-06-02 13:19 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-02 13:19 - 2011-11-07 18:50 - 00000000 ____D C:\Users\Ospina\AppData\Local\Google
2012-06-02 10:43 - 2012-06-02 10:43 - 00739832 ____A (Google Inc.) C:\Users\Ospina\Downloads\GoogleEarthPluginSetup.exe
2012-06-02 06:11 - 2012-06-02 06:11 - 01046840 ____A C:\Windows\Minidump\060212-20514-01.dmp
2012-06-01 21:46 - 2010-01-14 22:58 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-01 13:33 - 2012-01-21 12:09 - 00057344 ____A C:\Users\Ospina\Desktop\ADResume11WSIB.doc
2012-06-01 10:24 - 2012-01-22 15:46 - 00046592 ____A C:\Users\Ospina\Desktop\CoverletterWSIB.doc
2012-06-01 09:24 - 2010-09-06 13:20 - 00000000 ____D C:\Users\Ospina\AppData\Roaming\NVIDIA
2012-06-01 05:47 - 2012-06-01 05:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-01 05:45 - 2011-08-25 03:58 - 00000000 ____D C:\users\UpdatusUser
2012-06-01 05:45 - 2010-11-12 18:55 - 00000000 ____D C:\Users\Ospina\AppData\Local\Windows Live
2012-06-01 05:43 - 2012-06-01 05:43 - 01022352 ____A C:\Windows\Minidump\060112-17659-01.dmp
2012-05-31 19:55 - 2012-05-31 19:55 - 00000162 ___AH C:\Users\Ospina\Desktop\~$Resume11WSIB.doc
2012-05-31 16:27 - 2012-05-31 16:27 - 00000162 ___AH C:\Users\Ospina\Desktop\~$qatar.doc
2012-05-28 03:58 - 2012-05-28 03:58 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-28 03:58 - 2012-05-28 03:58 - 00000000 ____D C:\Users\Ospina\Documents\Battlefield 3
2012-05-28 03:58 - 2012-05-28 03:58 - 00000000 ____D C:\Users\Ospina\AppData\Local\PunkBuster
2012-05-28 03:58 - 2012-05-27 21:23 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-28 03:56 - 2012-05-28 03:34 - 00000000 ____D C:\Users\All Users\EA Logs
2012-05-28 03:48 - 2012-05-28 02:51 - 00001176 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2012-05-28 03:48 - 2012-05-27 21:23 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-28 03:47 - 2012-05-27 21:22 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-28 03:47 - 2009-12-31 19:09 - 00135329 ____A C:\Windows\DirectX.log
2012-05-28 03:39 - 2012-05-28 03:39 - 03870984 ____A C:\Users\Ospina\Downloads\battlelog-web-plugins-1.118.0-retail-prod.exe
2012-05-28 03:39 - 2012-05-28 03:39 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-05-28 03:36 - 2012-05-28 03:36 - 00000000 ____D C:\Users\All Users\EA Core
2012-05-28 03:36 - 2011-11-25 01:10 - 00000000 ____D C:\Users\All Users\Origin
2012-05-28 03:36 - 2011-11-25 01:10 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-05-27 19:32 - 2012-05-27 19:32 - 00001003 ____A C:\Users\Ospina\Desktop\Origin.lnk
2012-05-27 19:32 - 2011-11-25 01:10 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-05-27 19:29 - 2011-11-25 01:10 - 00000000 ____D C:\Program Files (x86)\Origin
2012-05-27 19:28 - 2011-11-25 01:10 - 00001040 ____A C:\Windows\KB893803v2.log
2012-05-26 23:10 - 2010-02-20 12:35 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2012-05-26 23:10 - 2010-01-18 21:48 - 00002874 ____A C:\Users\All Users\hpzinstall.log
2012-05-26 23:05 - 2012-05-26 23:05 - 01046912 ____A C:\Windows\Minidump\052712-19734-01.dmp
2012-05-22 07:53 - 2012-05-22 07:53 - 00011312 ____A C:\Users\Ospina\Desktop\Marriage_Preparation_Registration_Form.pdf
2012-05-22 07:42 - 2012-05-22 07:42 - 00000000 ____D C:\Users\Ospina\AppData\Local\{1671B6CE-E8A3-4401-AFBC-FF0EE666C712}
2012-05-21 08:58 - 2010-02-13 23:12 - 00000000 ____D C:\Users\Ospina\AppData\Roaming\vlc
2012-05-21 08:51 - 2012-04-14 17:33 - 00000000 ____D C:\Users\Ospina\Desktop\Zumba
2012-05-21 08:44 - 2012-05-21 08:42 - 00000000 ____D C:\Users\Ospina\Desktop\Sound Design
2012-05-21 08:44 - 2010-06-30 21:54 - 00000000 ____D C:\Users\Ospina\Desktop\EBOOKS
2012-05-21 08:43 - 2010-02-14 13:37 - 00000000 ____D C:\Users\Ospina\Desktop\Editing
2012-05-20 06:17 - 2012-05-20 06:17 - 01032120 ____A C:\Windows\Minidump\052012-18470-01.dmp
2012-05-19 05:21 - 2012-05-19 05:20 - 01076880 ____A C:\Windows\Minidump\051912-17784-01.dmp
2012-05-12 07:29 - 2010-03-19 19:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-12 07:23 - 2009-07-13 20:45 - 15303904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 00:49 - 2011-11-07 18:50 - 00000000 ____D C:\Users\Ospina\AppData\Roaming\uTorrent
2012-05-12 00:49 - 2011-10-01 09:04 - 00000000 ____D C:\users\Mcx1-OSPINA-PC
2012-05-12 00:49 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-05-12 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-05-12 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-05-12 00:47 - 2010-11-12 22:53 - 00000000 ____D C:\Users\Ospina\Documents\VirtualDJ
2012-05-11 23:06 - 2010-04-07 20:23 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 23:00 - 2009-12-31 19:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 23:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 21:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-10 23:00 - 2012-05-10 23:00 - 00065536 __ASH C:\Windows\System32\config\components{fd816114-71b4-11e1-bee5-002564e52ac4}.TxR.blf
2012-05-08 13:43 - 2012-02-10 17:14 - 00000000 ____D C:\Users\Ospina\Desktop\Alithia's Birthday
2012-05-08 13:39 - 2011-09-19 23:28 - 00454144 __ASH C:\Users\Ospina\Downloads\Thumbs.db
2012-05-08 13:27 - 2012-05-08 13:27 - 00143843 ____A C:\Users\Ospina\Downloads\christmas party.jpg
2012-05-04 20:44 - 2012-05-04 19:59 - 786432000 ____A C:\Users\Ospina\Downloads\i-lcaffavwptu.part2.rar
2012-05-04 14:09 - 2011-11-17 14:51 - 00000000 ____D C:\Users\Ospina\Desktop\Andy's songs
2012-05-03 22:42 - 2012-05-03 21:59 - 786432000 ____A C:\Users\Ospina\Downloads\i-lcaffavwptu.part1.rar
2012-04-28 04:52 - 2012-04-28 04:52 - 01040424 ____A C:\Windows\Minidump\042812-17581-01.dmp
2012-04-26 16:08 - 2012-06-06 22:04 - 55656824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-04-26 16:03 - 2010-01-15 03:43 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-25 14:50 - 2012-04-25 14:50 - 01059144 ____A C:\Windows\Minidump\042512-20264-01.dmp
2012-04-23 20:06 - 2012-04-23 20:06 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 20:06 - 2012-04-23 20:06 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-23 20:05 - 2012-04-23 20:05 - 04139680 ____A (Adobe Systems Incorporated) C:\Users\Ospina\Downloads\install_flash_player_11_plugin_32bit.exe
2012-04-23 19:59 - 2012-04-23 19:58 - 00800408 ____A (Solid State Networks) C:\Users\Ospina\Downloads\install_flashplayer11x64_mssd_aih.exe
2012-04-19 21:24 - 2012-04-19 21:17 - 733091845 ____A C:\Users\Ospina\Downloads\c0ntr4.b.720br.rar
2012-04-14 16:58 - 2012-04-14 16:38 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part05.rar
2012-04-14 16:21 - 2012-04-14 15:47 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part22.rar
2012-04-14 15:45 - 2012-04-14 16:48 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part01.rar
2012-04-14 15:45 - 2012-04-14 16:44 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part04.rar
2012-04-14 15:45 - 2012-04-14 16:44 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part03.rar
2012-04-14 15:45 - 2012-04-14 16:44 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part02.rar
2012-04-14 15:45 - 2012-04-14 16:38 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part06.rar
2012-04-14 15:45 - 2012-04-14 16:35 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part07.rar
2012-04-14 15:45 - 2012-04-14 16:28 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part08.rar
2012-04-14 15:45 - 2012-04-14 16:27 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part10.rar
2012-04-14 15:45 - 2012-04-14 16:27 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part09.rar
2012-04-14 15:45 - 2012-04-14 16:16 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part12.rar
2012-04-14 15:45 - 2012-04-14 16:16 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part11.rar
2012-04-14 15:45 - 2012-04-14 16:15 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part14.rar
2012-04-14 15:45 - 2012-04-14 16:15 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part13.rar
2012-04-14 15:45 - 2012-04-14 16:07 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part17.rar
2012-04-14 15:45 - 2012-04-14 16:07 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part16.rar
2012-04-14 15:45 - 2012-04-14 16:07 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part15.rar
2012-04-14 15:45 - 2012-04-14 15:56 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part21.rar
2012-04-14 15:45 - 2012-04-14 15:56 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part20.rar
2012-04-14 15:45 - 2012-04-14 15:56 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part19.rar
2012-04-14 15:45 - 2012-04-14 15:56 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part18.rar
2012-04-14 15:45 - 2012-04-14 15:45 - 48266189 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part26.rar
2012-04-14 15:45 - 2012-04-14 15:45 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part25.rar
2012-04-14 15:45 - 2012-04-14 15:45 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part24.rar
2012-04-14 15:45 - 2012-04-14 15:45 - 209715200 ____A C:\Users\Ospina\Downloads\Zumba_20Exhilarate.www.Filesharezone.com.part23.rar
2012-04-14 15:22 - 2012-04-14 15:22 - 01019800 ____A C:\Windows\Minidump\041412-22713-01.dmp
2012-04-10 06:35 - 2012-02-10 16:34 - 00000000 ____D C:\Users\Ospina\Desktop\Proposal
2012-04-06 21:09 - 2012-04-06 20:32 - 576167036 ____A C:\Users\Ospina\Downloads\HUGO 2011 720p -600mb- Life Studio.mkv.part
2012-04-06 21:07 - 2012-04-06 20:55 - 731900064 ____A C:\Users\Ospina\Downloads\hugodvdripamicd2.rar
2012-04-06 20:55 - 2012-04-06 20:55 - 733448354 ____A C:\Users\Ospina\Downloads\hugodvdripamicd1.rar
2012-04-06 20:53 - 2012-04-06 20:53 - 00000169 ____A C:\Users\Ospina\Downloads\hugodvdripamicd2.rar.html
2012-04-06 20:53 - 2012-04-06 20:53 - 00000169 ____A C:\Users\Ospina\Downloads\hugodvdripamicd1.rar.html
2012-04-04 13:34 - 2012-04-04 13:25 - 246884592 ____A C:\Users\Ospina\Downloads\holly_sp5.rar.part
2012-03-31 04:27 - 2012-03-31 04:27 - 01037544 ____A C:\Windows\Minidump\033112-28407-01.dmp
2012-03-30 22:05 - 2012-05-11 21:38 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 21:38 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 21:38 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 21:38 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 14:11 - 2010-09-28 14:35 - 00000000 ____D C:\Users\All Users\Rosetta Stone
2012-03-30 03:35 - 2012-05-11 21:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 15:19 - 2011-09-04 12:35 - 00036864 ____A C:\Users\Ospina\Documents\ospinaresumenew.doc
2012-03-22 17:47 - 2012-03-20 17:40 - 00112640 ____A C:\Users\Ospina\Desktop\sl-5x5-tracker-lb.xls
2012-03-20 17:40 - 2012-03-20 17:40 - 02929042 ____A C:\Users\Ospina\Desktop\stronglifts-5x5-report.pdf
2012-03-20 16:44 - 2012-03-20 16:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-19 19:55 - 2012-03-19 19:55 - 01087856 ____A C:\Windows\Minidump\031912-23836-01.dmp
2012-03-19 07:15 - 2009-12-31 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-18 23:00 - 2012-03-18 23:00 - 00065536 __ASH C:\Windows\System32\config\components{f1e2f8b4-7122-11e1-a61c-002564e52ac4}.TxR.blf
2012-03-17 23:00 - 2012-03-17 23:00 - 00065536 __ASH C:\Windows\System32\config\components{91bb96ee-7031-11e1-9341-002564e52ac4}.TxR.blf
2012-03-16 23:58 - 2012-05-11 21:38 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 23:00 - 2012-03-16 23:00 - 00065536 __ASH C:\Windows\System32\config\components{a1fe43ee-6f55-11e1-81cc-002564e52ac4}.TxR.blf

ZeroAccess:
C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}
C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\@
C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\L
C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8183.12 MB
Available physical RAM: 7332.49 MB
Total Pagefile: 8181.27 MB
Available Pagefile: 7318.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:490.23 GB) NTFS
7 Drive j: () (Removable) (Total:0.95 GB) (Free:0.68 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.96 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 976 MB 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 916 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 976 MB 0 B

======================================================================================================

Disk: 5
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-06-08 07:59

======================= End Of Log ==========================

#12 gringo_pr

Posted 14 June 2012 - 03:08 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ccjjallday

Posted 14 June 2012 - 06:04 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SYSTEM at 2012-06-14 18:25:08 Run:1
Running from I:\

==============================================

C:\Users\Ospina\AppData\Local\{328b4b83-b4e0-6103-8fa7-8729b5dddaab} moved successfully.

==== End of Fixlog ====

#14 gringo_pr

Posted 14 June 2012 - 08:54 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 ccjjallday

Posted 15 June 2012 - 12:37 AM

ComboFix 12-06-14.05 - Ospina 15/06/2012 0:58.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8183.6415 [GMT -4:00]
Running from: c:\users\Ospina\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 05:08 . 2012-06-15 05:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-15 05:08 . 2012-06-15 05:08 -------- d-----w- c:\users\Mcx1-OSPINA-PC\AppData\Local\temp
2012-06-15 05:08 . 2012-06-15 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 07:27 . 2012-06-14 07:27 -------- d-----w- C:\FRST
2012-06-14 02:18 . 2012-05-15 04:01 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-06-14 02:13 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92B1BD1E-7D85-4960-95E7-20314605DF38}\mpengine.dll
2012-06-07 09:32 . 2012-06-07 09:32 -------- d-----w- c:\programdata\Sophos
2012-06-07 09:32 . 2012-06-07 09:32 73728 ----a-r- c:\users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-07 09:32 . 2012-06-07 09:32 73728 ----a-r- c:\users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-07 09:32 . 2012-06-07 09:32 73728 ----a-r- c:\users\Ospina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-07 09:32 . 2012-06-07 09:32 -------- d-----w- c:\program files (x86)\Sophos
2012-06-07 09:31 . 2012-06-07 09:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 07:58 . 2012-06-15 05:10 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-07 07:58 . 2012-06-07 07:58 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-07 06:55 . 2012-06-07 07:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96CC27FE-859D-4347-BACE-A80DE17F0BD0}\offreg.dll
2012-06-07 06:04 . 2012-06-07 06:04 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{654D7477-957B-4CE6-A840-C43F4B5C0A98}\gapaengine.dll
2012-06-07 06:04 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96CC27FE-859D-4347-BACE-A80DE17F0BD0}\mpengine.dll
2012-06-07 06:02 . 2012-06-07 07:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-07 06:02 . 2012-06-07 07:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-07 05:10 . 2012-06-07 05:10 -------- d-----w- c:\program files\ESET
2012-06-02 21:19 . 2012-06-02 21:20 -------- d-----w- c:\program files (x86)\Google
2012-06-01 13:47 . 2012-06-01 13:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-28 11:58 . 2012-05-28 11:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-28 11:58 . 2012-05-28 11:58 -------- d-----w- c:\users\Ospina\AppData\Local\PunkBuster
2012-05-28 11:39 . 2012-05-28 11:39 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-05-28 11:36 . 2012-05-28 11:36 -------- d-----w- c:\programdata\EA Core
2012-05-28 11:34 . 2012-05-28 11:56 -------- d-----w- c:\programdata\EA Logs
2012-05-28 10:51 . 2012-05-28 10:51 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-05-28 05:23 . 2012-05-28 11:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-28 05:23 . 2012-05-28 11:48 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-28 05:22 . 2012-05-28 11:47 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 04:06 . 2012-04-24 04:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 04:06 . 2012-04-24 04:06 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-30 11:35 . 2012-05-12 05:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-12 05:38 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-08_18.04.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-14 02:18 . 2012-04-20 04:57 67584 c:\windows\SysWOW64\mshtmled.dll
+ 2012-06-14 02:18 . 2012-05-15 03:03 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-10 21:26 . 2012-02-28 05:38 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-10 21:26 . 2012-02-28 05:34 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2012-06-14 02:18 . 2012-05-15 03:00 48128 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2012-06-08 15:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-14 22:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-14 22:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 15:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 15:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-14 22:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-01 03:20 . 2012-06-15 05:12 43110 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-15 05:12 31202 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-15 06:53 . 2012-06-15 05:12 15868 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1734162872-4050056206-3852058921-1000_UserData.bin
+ 2012-06-14 02:18 . 2012-04-26 05:41 77312 c:\windows\system32\rdpwsx.dll
- 2012-03-19 11:23 . 2012-01-25 06:38 77312 c:\windows\system32\rdpwsx.dll
+ 2012-06-14 02:19 . 2012-04-20 05:42 97792 c:\windows\system32\mshtmled.dll
+ 2012-06-14 02:18 . 2012-05-15 04:01 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2012-04-10 21:26 . 2012-02-28 06:39 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-06-14 02:18 . 2012-05-15 03:59 64512 c:\windows\system32\jsproxy.dll
- 2012-04-10 21:26 . 2012-02-28 06:35 64512 c:\windows\system32\jsproxy.dll
+ 2012-06-11 21:35 . 2012-06-11 22:16 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012061120120612\index.dat
+ 2012-06-11 21:35 . 2012-06-11 21:31 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012060420120611\index.dat
- 2012-06-01 13:47 . 2012-06-08 16:10 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-01 13:47 . 2012-06-11 22:16 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-06-01 13:47 . 2012-06-08 16:21 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-01 13:47 . 2012-06-11 22:16 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-06-14 22:33 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-01-15 06:00 . 2012-06-08 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 06:00 . 2012-06-15 04:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-15 06:00 . 2012-06-08 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-15 06:00 . 2012-06-15 04:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-12 07:05 . 2012-05-12 07:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\fbca78795c4dd2a0df1fbc45cef56513\WindowsLiveWriter.ni.exe
+ 2012-06-14 11:28 . 2012-06-14 11:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
+ 2010-01-18 07:29 . 2012-06-14 03:06 3248 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-14 02:18 . 2012-04-26 05:34 9216 c:\windows\system32\rdrmemptylst.exe
- 2012-03-19 11:23 . 2012-01-25 06:33 9216 c:\windows\system32\rdrmemptylst.exe
- 2012-06-08 15:41 . 2012-06-08 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 05:09 . 2012-06-15 05:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 15:41 . 2012-06-08 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-15 05:09 . 2012-06-15 05:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-14 02:18 . 2012-05-15 03:03 981504 c:\windows\SysWOW64\wininet.dll
- 2012-04-10 21:26 . 2012-02-28 05:38 981504 c:\windows\SysWOW64\wininet.dll
- 2012-04-10 21:26 . 2012-02-28 05:38 132096 c:\windows\SysWOW64\url.dll
+ 2012-06-14 02:18 . 2012-04-20 05:00 132096 c:\windows\SysWOW64\url.dll
+ 2012-06-14 02:19 . 2012-04-20 04:57 627712 c:\windows\SysWOW64\msfeeds.dll
- 2012-01-11 02:14 . 2011-10-14 04:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-06-14 02:19 . 2012-04-17 04:34 716800 c:\windows\SysWOW64\jscript.dll
- 2012-04-10 21:26 . 2012-02-28 05:34 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-14 02:18 . 2012-04-20 04:56 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-14 02:18 . 2012-04-24 04:36 140288 c:\windows\SysWOW64\cryptsvc.dll
+ 2012-06-14 02:18 . 2012-04-24 04:36 103936 c:\windows\SysWOW64\cryptnet.dll
+ 2010-01-16 14:07 . 2012-06-14 22:11 675884 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-06-14 02:18 . 2012-04-20 05:42 134144 c:\windows\system32\url.dll
- 2012-04-10 21:26 . 2012-02-28 06:39 134144 c:\windows\system32\url.dll
+ 2012-06-14 02:18 . 2012-04-26 05:41 149504 c:\windows\system32\rdpcorekmts.dll
- 2012-03-19 11:23 . 2012-01-25 06:38 149504 c:\windows\system32\rdpcorekmts.dll
+ 2012-06-14 02:18 . 2012-05-01 05:40 209920 c:\windows\system32\profsvc.dll
- 2011-06-08 21:59 . 2010-11-20 13:27 209920 c:\windows\system32\profsvc.dll
+ 2009-07-14 02:36 . 2012-06-14 07:08 618160 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-14 07:08 107440 c:\windows\system32\perfc009.dat
+ 2012-06-14 02:19 . 2012-04-20 05:42 735744 c:\windows\system32\msfeeds.dll
+ 2012-06-14 02:19 . 2012-04-17 05:31 918016 c:\windows\system32\jscript.dll
- 2012-04-10 21:26 . 2012-02-28 06:35 247808 c:\windows\system32\ieui.dll
+ 2012-06-14 02:18 . 2012-04-20 05:42 247808 c:\windows\system32\ieui.dll
- 2012-03-19 11:23 . 2012-02-17 04:58 210944 c:\windows\system32\drivers\rdpwd.sys
+ 2012-06-14 02:18 . 2012-04-28 03:55 210944 c:\windows\system32\drivers\rdpwd.sys
+ 2012-06-14 02:18 . 2012-04-24 05:37 184320 c:\windows\system32\cryptsvc.dll
+ 2012-06-14 02:18 . 2012-04-24 05:37 140288 c:\windows\system32\cryptnet.dll
+ 2009-07-14 05:12 . 2012-06-15 05:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-06-08 15:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-15 04:06 . 2012-06-15 05:12 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
+ 2012-06-14 02:17 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
- 2012-04-10 21:26 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-12 07:05 . 2012-05-12 07:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-23 02:46 . 2012-04-23 02:46 1187328 c:\windows\Installer\c31bbd.msp
+ 2012-03-15 18:26 . 2012-03-15 18:26 4212736 c:\windows\Installer\c31bb5.msp
+ 2012-06-14 07:11 . 2012-06-14 07:11 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f866554cae3c9bf97ef2fa2e90f4ebda\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 07:11 . 2012-06-14 07:11 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 07:11 . 2012-06-14 07:11 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\44f8907ea08f9c7ff390b17a925a98fd\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\0927d75b05e9d3bfdae478155e8c0742\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\71e3d9751ca6679c5ce2d707ca173373\System.Printing.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e642f8e9415d53aa2bc08fc3af938236\System.Deployment.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\4ff694358b3796883fea64e500c27169\System.Activities.Presentation.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\47f8023bf6e24604f908ebc472dbe3b6\ReachFramework.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\de8350e990fc1123d26665588c7d68c7\PresentationUI.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e3be750f68ac84f84240e86a5e1020af\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\4cd09961cd45c4c3d3a079f3e81686f5\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll
+ 2012-06-14 11:22 . 2012-06-14 11:22 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\aa638ba79250284eb4af4adaa4a4117b\System.Workflow.Runtime.ni.dll
+ 2012-06-14 11:22 . 2012-06-14 11:22 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\996dc2af3b9e5c111130935f298908c6\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 11:22 . 2012-06-14 11:22 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\178797db84abae2eeaed835bd28ca52c\System.Workflow.Activities.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\a32734087cd0db5607d5744ca63235d7\System.Web.Services.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 07:02 . 2012-06-14 07:02 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll
+ 2012-06-14 07:01 . 2012-06-14 07:01 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6e4e9b07f376d445df1718c0011fa99b\System.Deployment.ni.dll
+ 2012-06-14 07:02 . 2012-06-14 07:02 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\b91c32fab08ba62d8c7681cc596895be\PresentationUI.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll
+ 2012-06-14 11:25 . 2012-06-14 11:25 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 07:07 . 2012-06-14 07:07 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 07:06 . 2012-06-14 07:06 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-14 07:06 . 2012-06-14 07:06 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 11:26 . 2012-06-14 11:26 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll
+ 2012-06-14 11:25 . 2012-06-14 11:25 3419648 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\32ba5ac005e457d1ec56d5041a592819\DellDock.ni.exe
+ 2012-06-14 11:27 . 2012-06-14 11:27 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3ded9525743f5484dd86c7806ec5553\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb47137b3e002d82dc7c9f97eeec2c93\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7605419cce72fcf91bb7dbc31ebbbca5\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\328780f2db847d458362c28dfcb62bcd\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-14 11:20 . 2012-06-14 11:20 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-14 07:05 . 2012-06-14 07:05 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-14 07:04 . 2012-06-14 07:04 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-14 11:20 . 2012-06-14 11:20 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-14 07:05 . 2012-06-14 07:05 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-06-14 11:20 . 2012-06-14 11:20 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe
+ 2012-06-14 11:28 . 2012-06-14 11:28 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 11:28 . 2012-06-14 11:28 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 11:27 . 2012-06-14 11:27 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
+ 2012-06-14 02:18 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-12 05:38 . 2012-01-04 02:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-08 21:59 . 2010-11-05 01:58 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-14 02:18 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-14 02:19 . 2012-04-20 04:56 11020800 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2012-06-05 07:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-14 11:17 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-01-15 11:43 . 2012-06-14 07:06 58957832 c:\windows\system32\MRT.exe
+ 2012-06-14 02:19 . 2012-04-20 05:42 12297216 c:\windows\system32\ieframe.dll
+ 2009-07-14 04:45 . 2012-06-14 11:19 15303904 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-05-12 15:23 15303904 c:\windows\system32\FNTCACHE.DAT
+ 2010-05-28 01:31 . 2012-06-14 22:21 47746048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1734162872-4050056206-3852058921-1000-8192.dat
+ 2012-06-14 07:12 . 2012-06-14 07:12 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-06-14 07:11 . 2012-06-14 07:11 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 17383424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\dc5bb74eefdbf954cdfb70dd534d5564\System.Windows.Forms.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll
+ 2012-06-14 11:21 . 2012-06-14 11:21 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll
+ 2012-06-14 07:02 . 2012-06-14 07:02 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-06-14 07:01 . 2012-06-14 07:01 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-06-14 11:25 . 2012-06-14 11:25 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\a158eb660ed76c81feb561cfe26f3d88\MenuSkinning.ni.dll
+ 2012-06-14 07:07 . 2012-06-14 07:07 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-06-14 11:20 . 2012-06-14 11:20 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-14 11:20 . 2012-06-14 11:20 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-14 11:20 . 2012-06-14 11:20 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-14 07:05 . 2012-06-14 07:05 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-14 07:04 . 2012-06-14 07:04 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2008-12-14 294152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 116648]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-10-31 487312]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-18 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 116648]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 04:06]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 21:19]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 21:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: hewitt.com\lb29.bpo
Trusted Zone: mphro.com\tkweb-sso.rogers
Trusted Zone: rogers.com\webmail.rci
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ospina\AppData\Roaming\Mozilla\Firefox\Profiles\bhi1rk3f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000_Classes\Wow6432Node\CLSID\{1832a074-07e6-4046-bfbb-7cb4418cd63e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000046
"Therad"=dword:0000001b
.
[HKEY_USERS\S-1-5-21-1734162872-4050056206-3852058921-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e2,27,f9,7d,83,32,b8,24,da,a8,cd,82,ff,ea,ba,13,20,b6,af,0e,11,
c3,5b,88,2e,36,48,c5,ef,49,91,e8,0e,b5,1c,69,ef,23,1c,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-06-15 01:16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 05:16
ComboFix2.txt 2012-06-11 22:40
ComboFix3.txt 2012-06-08 18:07
.
Pre-Run: 525,027,901,440 bytes free
Post-Run: 525,104,783,360 bytes free
.
- - End Of File - - 6C0B38EB20AC568DE92E6DBFC91AE5CE


My computer seems to be running okay... What are the chances of this being completely removed?



