Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacker, Browser redirects, Pop-ups


  • This topic is locked This topic is locked
16 replies to this topic

#1 KendallSilver

KendallSilver

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 11 June 2012 - 03:41 PM

I have tried to remove this for a while now and it keeps reappearing. I get pop-ups if I let my browser sit open for a while, I get redirects at least 50% of the time when I do searches from Google. I have tried a few anti-rootkit scans and haven't seen anything lately, and all my AVG and Malwarebytes scans come back clean.

GMER only gives me the options to select []Services []Registry []Files []C:\ []ADS and when i run the scan it generated a blank log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kendall Silver at 14:18:30 on 2012-06-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2248 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
StartupFolder: C:\Users\KENDAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Program Files (x86)\UltraMon\UltraMon.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &4 - C:\Windows\web\AOpenClient.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com\fai.music.metaservices
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ACBEF2DD-8611-4FA6-9E0D-0EA031AA4FE5} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kendall Silver\AppData\Roaming\Mozilla\Firefox\Profiles\nxm19n1d.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 AvgMfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-06 14:13:33 -------- d-----w- C:\Users\Kendall Silver\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 14:13:14 -------- d-----w- C:\ProgramData\!SASCORE
2012-06-06 14:13:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-06 13:31:40 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 13:31:40 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 03:44:47 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-04 16:08:35 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-06-04 16:08:29 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-05-27 00:42:53 20268032 ----a-w- C:\Windows\System32\imageres_original.dll
2012-05-14 16:02:09 -------- d-----w- C:\Program Files (x86)\Diablo III
.
==================== Find3M ====================
.
2012-04-19 14:33:03 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 14:33:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 03:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 03:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 03:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 03:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 03:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 03:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 03:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 20:51:45 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 14:19:14.72 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 12 June 2012 - 06:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 12 June 2012 - 09:13 AM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (13.0)
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


ComboFix 12-06-12.01 - Kendall Silver 06/12/2012 8:51.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2273 [GMT -5:00]
Running from: g:\downloads\New Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KENDAL~1\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80\CliSecureRT64.dll
c:\users\KENDAL~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\Kendall Silver\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80\CliSecureRT64.dll
c:\users\Kendall Silver\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\Kendall Silver\AppData\Roaming\11e719a7
c:\users\Kendall Silver\AppData\Roaming\1272f88a
c:\users\Kendall Silver\AppData\Roaming\14ca90f0
c:\users\Kendall Silver\AppData\Roaming\154e980f
c:\users\Kendall Silver\AppData\Roaming\198c79ba
c:\users\Kendall Silver\AppData\Roaming\19d83807
c:\users\Kendall Silver\AppData\Roaming\1a05fc52
c:\users\Kendall Silver\AppData\Roaming\1a5d943a
c:\users\Kendall Silver\AppData\Roaming\1bb24f4d
c:\users\Kendall Silver\AppData\Roaming\1db7eae0
c:\users\Kendall Silver\AppData\Roaming\1e31b7ea
c:\users\Kendall Silver\AppData\Roaming\1e387e58
c:\users\Kendall Silver\AppData\Roaming\1e9eec80
c:\users\Kendall Silver\AppData\Roaming\1ebb9607
c:\users\Kendall Silver\AppData\Roaming\1f478265
c:\users\Kendall Silver\AppData\Roaming\1fba853d
c:\users\Kendall Silver\AppData\Roaming\1fe8c598
c:\users\Kendall Silver\AppData\Roaming\207c7ae8
c:\users\Kendall Silver\AppData\Roaming\20936795
c:\users\Kendall Silver\AppData\Roaming\234ecce8
c:\users\Kendall Silver\AppData\Roaming\23d8c55b
c:\users\Kendall Silver\AppData\Roaming\2446afc3
c:\users\Kendall Silver\AppData\Roaming\253897c2
c:\users\Kendall Silver\AppData\Roaming\25aea97a
c:\users\Kendall Silver\AppData\Roaming\27033cb8
c:\users\Kendall Silver\AppData\Roaming\27862d2f
c:\users\Kendall Silver\AppData\Roaming\3d787c30
c:\users\Kendall Silver\AppData\Roaming\41dab368
c:\users\Kendall Silver\AppData\Roaming\4de75993
c:\users\Kendall Silver\AppData\Roaming\4e69e8c0
c:\users\Kendall Silver\AppData\Roaming\5ca2aa7d
c:\users\Kendall Silver\AppData\Roaming\5d529703
c:\users\Kendall Silver\AppData\Roaming\5ff1517f
c:\users\Kendall Silver\AppData\Roaming\60745730
c:\users\Kendall Silver\AppData\Roaming\6d73df0
c:\users\Kendall Silver\AppData\Roaming\75fc0f0
c:\users\Kendall Silver\AppData\Roaming\85bd9082
c:\users\Kendall Silver\AppData\Roaming\863e17dd
c:\users\Kendall Silver\AppData\Roaming\8f1d6617
c:\users\Kendall Silver\AppData\Roaming\8fa08a95
c:\users\Kendall Silver\AppData\Roaming\a5c7c98
c:\users\Kendall Silver\AppData\Roaming\ad3989f
c:\users\Kendall Silver\AppData\Roaming\Adobe\plugs
c:\users\Kendall Silver\AppData\Roaming\Adobe\shed
c:\users\Kendall Silver\AppData\Roaming\b5d4800
c:\users\Kendall Silver\AppData\Roaming\baa6a6dd
c:\users\Kendall Silver\AppData\Roaming\bb3a3f43
c:\users\Kendall Silver\AppData\Roaming\bc52ba50
c:\users\Kendall Silver\AppData\Roaming\bcc2395b
c:\users\Kendall Silver\AppData\Roaming\bcfcec0
c:\users\Kendall Silver\AppData\Roaming\bd376faf
c:\users\Kendall Silver\AppData\Roaming\bda2942b
c:\users\Kendall Silver\AppData\Roaming\c674c1c5
c:\users\Kendall Silver\AppData\Roaming\c6f115b5
c:\users\Kendall Silver\AppData\Roaming\c804fb8f
c:\users\Kendall Silver\AppData\Roaming\c888aa68
c:\users\Kendall Silver\AppData\Roaming\caf00415
c:\users\Kendall Silver\AppData\Roaming\cb6d0578
c:\users\Kendall Silver\AppData\Roaming\cbda5f62
c:\users\Kendall Silver\AppData\Roaming\cc8ca200
c:\users\Kendall Silver\AppData\Roaming\ccfe29a8
c:\users\Kendall Silver\AppData\Roaming\ce5e5993
c:\users\Kendall Silver\AppData\Roaming\cee1c3c5
c:\users\Kendall Silver\AppData\Roaming\d980c25
c:\users\Kendall Silver\AppData\Roaming\e17c3c5
c:\users\Kendall Silver\AppData\Roaming\edc2a0b2
c:\users\Kendall Silver\AppData\Roaming\f1408d70
c:\users\Kendall Silver\AppData\Roaming\f1c0e538
c:\users\Kendall Silver\AppData\Roaming\f1c167b3
c:\users\Kendall Silver\AppData\Roaming\f5211d95
c:\users\Kendall Silver\AppData\Roaming\f590812d
c:\users\Kendall Silver\AppData\Roaming\f608e4d8
c:\users\Kendall Silver\AppData\Roaming\f676542d
c:\windows\SysWow64\winsusrm.dll
c:\windows\SysWow64\winsusrx.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 13:55 . 2012-06-12 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 14:13 . 2012-06-06 14:13 -------- d-----w- c:\users\Kendall Silver\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 14:13 . 2012-06-06 14:13 -------- d-----w- c:\programdata\!SASCORE
2012-06-06 14:13 . 2012-06-06 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-06 13:31 . 2012-06-06 13:31 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 13:31 . 2012-06-06 13:31 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 03:44 . 2012-06-06 03:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-04 16:08 . 2012-06-04 16:08 -------- d-----w- c:\programdata\ATI
2012-06-04 16:08 . 2012-06-04 16:08 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-04 16:08 . 2012-06-04 16:08 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-27 00:42 . 2009-07-14 01:28 20268032 ----a-w- c:\windows\system32\imageres_original.dll
2012-05-14 16:02 . 2012-06-06 19:17 -------- d-----w- c:\program files (x86)\Diablo III
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 14:33 . 2012-03-29 10:26 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-19 14:33 . 2011-05-13 15:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-05-05 02:18 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-09-06 23:06 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-05-05 01:56 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2010-10-27 07:57 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2010-10-27 08:22 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-15 02:14 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-05 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2010-05-05 01:22 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 20:56 . 2010-09-28 08:21 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 20:51 . 2012-03-31 20:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-31 06:05 . 2012-05-10 16:35 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 16:35 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 16:35 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 16:35 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 16:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-18 14:54 . 2010-09-08 16:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-17 07:58 . 2012-05-10 16:35 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-01-18 2787840]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
.
c:\users\Kendall Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\program files\UltraMon\UltraMon.exe [2010-2-14 694272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 AvgMfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-06-06 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &4 - c:\windows\web\AOpenClient.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com\fai.music.metaservices
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kendall Silver\AppData\Roaming\Mozilla\Firefox\Profiles\nxm19n1d.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-63709588.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\1a\0f\08/?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
.
**************************************************************************
.
Completion time: 2012-06-12 09:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 14:04
.
Pre-Run: 200,008,093,696 bytes free
Post-Run: 200,135,266,304 bytes free
.
- - End Of File - - DFB27F60132670B0F76AD96A636181EB


Doing some basic testing I haven't seen any redirects, but it wasn't a 100% thing b4 any way... I also haven't seen any more pop-ups, but again it was a subtle thin b4 too.... I'll keep messing with it and post again if I see any thing more.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 12 June 2012 - 09:35 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 12 June 2012 - 04:04 PM

15:52:23.0528 3868 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:52:23.0824 3868 ============================================================
15:52:23.0824 3868 Current date / time: 2012/06/12 15:52:23.0824
15:52:23.0824 3868 SystemInfo:
15:52:23.0824 3868
15:52:23.0824 3868 OS Version: 6.1.7601 ServicePack: 1.0
15:52:23.0824 3868 Product type: Workstation
15:52:23.0824 3868 ComputerName: NIGHTBLADE-PC
15:52:23.0824 3868 UserName: Kendall Silver
15:52:23.0824 3868 Windows directory: C:\Windows
15:52:23.0824 3868 System windows directory: C:\Windows
15:52:23.0824 3868 Running under WOW64
15:52:23.0824 3868 Processor architecture: Intel x64
15:52:23.0824 3868 Number of processors: 4
15:52:23.0824 3868 Page size: 0x1000
15:52:23.0824 3868 Boot type: Normal boot
15:52:23.0824 3868 ============================================================
15:52:25.0634 3868 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:25.0634 3868 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:25.0650 3868 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:25.0650 3868 ============================================================
15:52:25.0650 3868 \Device\Harddisk0\DR0:
15:52:25.0650 3868 MBR partitions:
15:52:25.0650 3868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2CBF874D
15:52:25.0665 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2CBF87CB, BlocksNum 0x5EC9A8EF
15:52:25.0681 3868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8B8930F9, BlocksNum 0x5D5743C8
15:52:25.0681 3868 \Device\Harddisk1\DR1:
15:52:25.0681 3868 MBR partitions:
15:52:25.0930 3868 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xE8E035C1
15:52:25.0930 3868 \Device\Harddisk2\DR2:
15:52:25.0930 3868 MBR partitions:
15:52:25.0977 3868 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xE8E035C1
15:52:25.0977 3868 ============================================================
15:52:26.0008 3868 C: <-> \Device\Harddisk0\DR0\Partition0
15:52:26.0008 3868 V: <-> \Device\Harddisk2\DR2\Partition0
15:52:26.0024 3868 M: <-> \Device\Harddisk1\DR1\Partition0
15:52:26.0024 3868 G: <-> \Device\Harddisk0\DR0\Partition1
15:52:26.0055 3868 T: <-> \Device\Harddisk0\DR0\Partition2
15:52:26.0055 3868 ============================================================
15:52:26.0055 3868 Initialize success
15:52:26.0055 3868 ============================================================
15:52:30.0142 2720 ============================================================
15:52:30.0142 2720 Scan started
15:52:30.0142 2720 Mode: Manual;
15:52:30.0142 2720 ============================================================
15:52:31.0219 2720 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:52:31.0219 2720 !SASCORE - ok
15:52:31.0344 2720 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:52:31.0359 2720 1394ohci - ok
15:52:31.0390 2720 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:52:31.0406 2720 ACPI - ok
15:52:31.0422 2720 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:52:31.0422 2720 AcpiPmi - ok
15:52:31.0500 2720 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:52:31.0515 2720 Adobe LM Service - ok
15:52:31.0624 2720 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:52:31.0624 2720 AdobeFlashPlayerUpdateSvc - ok
15:52:31.0687 2720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:52:31.0687 2720 adp94xx - ok
15:52:31.0734 2720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:52:31.0749 2720 adpahci - ok
15:52:31.0765 2720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:52:31.0765 2720 adpu320 - ok
15:52:31.0827 2720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:52:31.0827 2720 AeLookupSvc - ok
15:52:31.0890 2720 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:52:31.0905 2720 AFD - ok
15:52:31.0921 2720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:52:31.0921 2720 agp440 - ok
15:52:31.0936 2720 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:52:31.0936 2720 ALG - ok
15:52:31.0968 2720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:52:31.0968 2720 aliide - ok
15:52:31.0983 2720 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
15:52:31.0983 2720 Alpham1 - ok
15:52:31.0999 2720 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
15:52:31.0999 2720 Alpham2 - ok
15:52:32.0030 2720 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
15:52:32.0046 2720 AMD External Events Utility - ok
15:52:32.0061 2720 AMD FUEL Service - ok
15:52:32.0077 2720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:52:32.0077 2720 amdide - ok
15:52:32.0108 2720 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:52:32.0108 2720 amdiox64 - ok
15:52:32.0139 2720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:52:32.0139 2720 AmdK8 - ok
15:52:32.0420 2720 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
15:52:32.0592 2720 amdkmdag - ok
15:52:32.0701 2720 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
15:52:32.0716 2720 amdkmdap - ok
15:52:32.0732 2720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:52:32.0732 2720 AmdPPM - ok
15:52:32.0748 2720 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:52:32.0763 2720 amdsata - ok
15:52:32.0794 2720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:52:32.0794 2720 amdsbs - ok
15:52:32.0794 2720 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:52:32.0794 2720 amdxata - ok
15:52:32.0826 2720 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:52:32.0826 2720 AODDriver4.01 - ok
15:52:32.0841 2720 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:52:32.0841 2720 AODDriver4.1 - ok
15:52:32.0888 2720 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:52:32.0888 2720 AppID - ok
15:52:32.0888 2720 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:52:32.0904 2720 AppIDSvc - ok
15:52:32.0919 2720 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:52:32.0919 2720 Appinfo - ok
15:52:32.0950 2720 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:52:32.0950 2720 AppMgmt - ok
15:52:32.0966 2720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:52:32.0966 2720 arc - ok
15:52:32.0982 2720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:52:32.0982 2720 arcsas - ok
15:52:33.0075 2720 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:52:33.0091 2720 aspnet_state - ok
15:52:33.0091 2720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:52:33.0106 2720 AsyncMac - ok
15:52:33.0122 2720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:52:33.0122 2720 atapi - ok
15:52:33.0153 2720 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
15:52:33.0153 2720 AtiHDAudioService - ok
15:52:33.0184 2720 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
15:52:33.0184 2720 AtiHdmiService - ok
15:52:33.0200 2720 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:52:33.0216 2720 AtiPcie - ok
15:52:33.0247 2720 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
15:52:33.0247 2720 ATITool - ok
15:52:33.0294 2720 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:52:33.0309 2720 AudioEndpointBuilder - ok
15:52:33.0309 2720 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:52:33.0325 2720 AudioSrv - ok
15:52:33.0543 2720 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:52:33.0574 2720 AVGIDSAgent - ok
15:52:33.0652 2720 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:52:33.0652 2720 AVGIDSDriver - ok
15:52:33.0715 2720 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:52:33.0715 2720 AVGIDSEH - ok
15:52:33.0746 2720 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:52:33.0746 2720 AVGIDSFilter - ok
15:52:33.0777 2720 AvgLdx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
15:52:33.0777 2720 AvgLdx64 - ok
15:52:33.0793 2720 AvgMfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:52:33.0793 2720 AvgMfx64 - ok
15:52:33.0793 2720 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:52:33.0793 2720 Avgrkx64 - ok
15:52:33.0824 2720 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
15:52:33.0824 2720 Avgtdia - ok
15:52:33.0855 2720 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:52:33.0855 2720 avgwd - ok
15:52:33.0871 2720 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:52:33.0871 2720 AxInstSV - ok
15:52:33.0918 2720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:52:33.0933 2720 b06bdrv - ok
15:52:33.0949 2720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:52:33.0949 2720 b57nd60a - ok
15:52:33.0964 2720 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:52:33.0964 2720 BDESVC - ok
15:52:33.0980 2720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:52:33.0980 2720 Beep - ok
15:52:34.0027 2720 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:52:34.0027 2720 BFE - ok
15:52:34.0074 2720 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:52:34.0089 2720 BITS - ok
15:52:34.0105 2720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:52:34.0105 2720 blbdrive - ok
15:52:34.0152 2720 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:52:34.0152 2720 bowser - ok
15:52:34.0167 2720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:52:34.0167 2720 BrFiltLo - ok
15:52:34.0167 2720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:52:34.0167 2720 BrFiltUp - ok
15:52:34.0198 2720 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:52:34.0198 2720 BridgeMP - ok
15:52:34.0214 2720 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:52:34.0230 2720 Browser - ok
15:52:34.0245 2720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:52:34.0245 2720 Brserid - ok
15:52:34.0261 2720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:52:34.0261 2720 BrSerWdm - ok
15:52:34.0261 2720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:52:34.0261 2720 BrUsbMdm - ok
15:52:34.0276 2720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:52:34.0276 2720 BrUsbSer - ok
15:52:34.0292 2720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:52:34.0292 2720 BTHMODEM - ok
15:52:34.0308 2720 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:52:34.0308 2720 bthserv - ok
15:52:34.0339 2720 busenum (55913573c41cf091f93a1ac07965ea7e) C:\Windows\system32\DRIVERS\SteelBus64.sys
15:52:34.0339 2720 busenum - ok
15:52:34.0339 2720 catchme - ok
15:52:34.0370 2720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:52:34.0370 2720 cdfs - ok
15:52:34.0386 2720 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:52:34.0386 2720 cdrom - ok
15:52:34.0417 2720 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:52:34.0417 2720 CertPropSvc - ok
15:52:34.0417 2720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:52:34.0417 2720 circlass - ok
15:52:34.0448 2720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:52:34.0448 2720 CLFS - ok
15:52:34.0510 2720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:52:34.0526 2720 clr_optimization_v2.0.50727_32 - ok
15:52:34.0557 2720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:52:34.0557 2720 clr_optimization_v2.0.50727_64 - ok
15:52:34.0604 2720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:52:34.0666 2720 clr_optimization_v4.0.30319_32 - ok
15:52:34.0729 2720 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:52:34.0729 2720 clr_optimization_v4.0.30319_64 - ok
15:52:34.0744 2720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:52:34.0744 2720 CmBatt - ok
15:52:34.0760 2720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:52:34.0760 2720 cmdide - ok
15:52:34.0791 2720 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:52:34.0791 2720 CNG - ok
15:52:34.0807 2720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:52:34.0807 2720 Compbatt - ok
15:52:34.0854 2720 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:52:34.0854 2720 CompositeBus - ok
15:52:34.0854 2720 COMSysApp - ok
15:52:34.0854 2720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:52:34.0854 2720 crcdisk - ok
15:52:34.0885 2720 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:52:34.0900 2720 CryptSvc - ok
15:52:34.0916 2720 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:52:34.0916 2720 CSC - ok
15:52:34.0947 2720 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:52:34.0947 2720 CscService - ok
15:52:34.0978 2720 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:52:34.0994 2720 DcomLaunch - ok
15:52:35.0025 2720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:52:35.0025 2720 defragsvc - ok
15:52:35.0072 2720 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:52:35.0072 2720 DfsC - ok
15:52:35.0088 2720 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:52:35.0103 2720 Dhcp - ok
15:52:35.0103 2720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:52:35.0103 2720 discache - ok
15:52:35.0119 2720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:52:35.0119 2720 Disk - ok
15:52:35.0150 2720 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:52:35.0166 2720 Dnscache - ok
15:52:35.0181 2720 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:52:35.0181 2720 dot3svc - ok
15:52:35.0197 2720 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:52:35.0212 2720 DPS - ok
15:52:35.0228 2720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:52:35.0228 2720 drmkaud - ok
15:52:35.0275 2720 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:52:35.0290 2720 dtsoftbus01 - ok
15:52:35.0353 2720 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:52:35.0353 2720 DXGKrnl - ok
15:52:35.0384 2720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:52:35.0384 2720 EapHost - ok
15:52:35.0478 2720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:52:35.0493 2720 ebdrv - ok
15:52:35.0571 2720 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:52:35.0571 2720 EFS - ok
15:52:35.0602 2720 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:52:35.0602 2720 ehRecvr - ok
15:52:35.0618 2720 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:52:35.0634 2720 ehSched - ok
15:52:35.0665 2720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:52:35.0665 2720 elxstor - ok
15:52:35.0696 2720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:52:35.0696 2720 ErrDev - ok
15:52:35.0758 2720 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:52:35.0758 2720 EventSystem - ok
15:52:35.0790 2720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:52:35.0790 2720 exfat - ok
15:52:35.0805 2720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:52:35.0805 2720 fastfat - ok
15:52:35.0836 2720 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:52:35.0852 2720 Fax - ok
15:52:35.0852 2720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:52:35.0852 2720 fdc - ok
15:52:35.0868 2720 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:52:35.0868 2720 fdPHost - ok
15:52:35.0883 2720 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:52:35.0883 2720 FDResPub - ok
15:52:35.0899 2720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:52:35.0914 2720 FileInfo - ok
15:52:35.0914 2720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:52:35.0930 2720 Filetrace - ok
15:52:35.0930 2720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:35.0930 2720 flpydisk - ok
15:52:35.0961 2720 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:52:35.0961 2720 FltMgr - ok
15:52:36.0039 2720 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:52:36.0070 2720 FontCache - ok
15:52:36.0148 2720 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:52:36.0148 2720 FontCache3.0.0.0 - ok
15:52:36.0180 2720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:52:36.0180 2720 FsDepends - ok
15:52:36.0226 2720 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:52:36.0226 2720 fssfltr - ok
15:52:36.0382 2720 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:52:36.0398 2720 fsssvc - ok
15:52:36.0445 2720 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:52:36.0445 2720 Fs_Rec - ok
15:52:36.0476 2720 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:52:36.0492 2720 fvevol - ok
15:52:36.0523 2720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:52:36.0523 2720 gagp30kx - ok
15:52:36.0570 2720 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:52:36.0570 2720 gpsvc - ok
15:52:36.0585 2720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:52:36.0585 2720 hcw85cir - ok
15:52:36.0616 2720 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:52:36.0616 2720 HdAudAddService - ok
15:52:36.0632 2720 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:52:36.0632 2720 HDAudBus - ok
15:52:36.0663 2720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:52:36.0663 2720 HidBatt - ok
15:52:36.0679 2720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:52:36.0679 2720 HidBth - ok
15:52:36.0694 2720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:52:36.0694 2720 HidIr - ok
15:52:36.0710 2720 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:52:36.0710 2720 hidserv - ok
15:52:36.0757 2720 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:52:36.0757 2720 HidUsb - ok
15:52:36.0772 2720 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:52:36.0788 2720 hkmsvc - ok
15:52:36.0804 2720 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:52:36.0804 2720 HomeGroupListener - ok
15:52:36.0835 2720 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:52:36.0835 2720 HomeGroupProvider - ok
15:52:36.0850 2720 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:52:36.0850 2720 HpSAMD - ok
15:52:36.0882 2720 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:52:36.0897 2720 HTTP - ok
15:52:36.0913 2720 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:52:36.0913 2720 hwpolicy - ok
15:52:36.0928 2720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:52:36.0928 2720 i8042prt - ok
15:52:36.0960 2720 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:52:36.0975 2720 iaStorV - ok
15:52:37.0069 2720 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:52:37.0069 2720 idsvc - ok
15:52:37.0084 2720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:52:37.0084 2720 iirsp - ok
15:52:37.0131 2720 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:52:37.0131 2720 IKEEXT - ok
15:52:37.0147 2720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:52:37.0147 2720 intelide - ok
15:52:37.0162 2720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:52:37.0162 2720 intelppm - ok
15:52:37.0178 2720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:52:37.0178 2720 IPBusEnum - ok
15:52:37.0194 2720 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:37.0194 2720 IpFilterDriver - ok
15:52:37.0225 2720 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:52:37.0240 2720 iphlpsvc - ok
15:52:37.0256 2720 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:52:37.0256 2720 IPMIDRV - ok
15:52:37.0272 2720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:52:37.0272 2720 IPNAT - ok
15:52:37.0287 2720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:52:37.0287 2720 IRENUM - ok
15:52:37.0303 2720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:52:37.0303 2720 isapnp - ok
15:52:37.0318 2720 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:52:37.0318 2720 iScsiPrt - ok
15:52:37.0334 2720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:52:37.0334 2720 kbdclass - ok
15:52:37.0350 2720 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:52:37.0350 2720 kbdhid - ok
15:52:37.0381 2720 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:37.0381 2720 KeyIso - ok
15:52:37.0412 2720 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:52:37.0412 2720 KSecDD - ok
15:52:37.0443 2720 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:52:37.0443 2720 KSecPkg - ok
15:52:37.0459 2720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:52:37.0459 2720 ksthunk - ok
15:52:37.0506 2720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:52:37.0506 2720 KtmRm - ok
15:52:37.0537 2720 L1C (ff60e112fc03f6d0eb74b3bfd7d6b7c9) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:52:37.0537 2720 L1C - ok
15:52:37.0568 2720 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:52:37.0568 2720 LanmanServer - ok
15:52:37.0599 2720 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:52:37.0599 2720 LanmanWorkstation - ok
15:52:37.0693 2720 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:52:37.0693 2720 LightScribeService - ok
15:52:37.0708 2720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:52:37.0708 2720 lltdio - ok
15:52:37.0740 2720 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:52:37.0740 2720 lltdsvc - ok
15:52:37.0755 2720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:52:37.0755 2720 lmhosts - ok
15:52:37.0771 2720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:52:37.0771 2720 LSI_FC - ok
15:52:37.0786 2720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:52:37.0786 2720 LSI_SAS - ok
15:52:37.0802 2720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:52:37.0818 2720 LSI_SAS2 - ok
15:52:37.0833 2720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:52:37.0833 2720 LSI_SCSI - ok
15:52:37.0849 2720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:52:37.0849 2720 luafv - ok
15:52:37.0880 2720 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
15:52:37.0896 2720 mcdbus - ok
15:52:37.0927 2720 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:52:37.0927 2720 Mcx2Svc - ok
15:52:37.0958 2720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:52:37.0958 2720 megasas - ok
15:52:37.0974 2720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:52:37.0974 2720 MegaSR - ok
15:52:37.0989 2720 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:52:38.0005 2720 MMCSS - ok
15:52:38.0020 2720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:52:38.0020 2720 Modem - ok
15:52:38.0036 2720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:52:38.0036 2720 monitor - ok
15:52:38.0067 2720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:52:38.0083 2720 mouclass - ok
15:52:38.0098 2720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:52:38.0098 2720 mouhid - ok
15:52:38.0130 2720 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:52:38.0130 2720 mountmgr - ok
15:52:38.0176 2720 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:52:38.0192 2720 MozillaMaintenance - ok
15:52:38.0208 2720 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:52:38.0208 2720 mpio - ok
15:52:38.0223 2720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:52:38.0223 2720 mpsdrv - ok
15:52:38.0270 2720 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:52:38.0286 2720 MpsSvc - ok
15:52:38.0317 2720 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:52:38.0317 2720 MRxDAV - ok
15:52:38.0332 2720 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:52:38.0332 2720 mrxsmb - ok
15:52:38.0364 2720 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:52:38.0379 2720 mrxsmb10 - ok
15:52:38.0395 2720 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:52:38.0395 2720 mrxsmb20 - ok
15:52:38.0410 2720 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:52:38.0410 2720 msahci - ok
15:52:38.0410 2720 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:52:38.0410 2720 msdsm - ok
15:52:38.0442 2720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:52:38.0442 2720 MSDTC - ok
15:52:38.0457 2720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:52:38.0457 2720 Msfs - ok
15:52:38.0473 2720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:52:38.0473 2720 mshidkmdf - ok
15:52:38.0504 2720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:52:38.0504 2720 msisadrv - ok
15:52:38.0520 2720 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:52:38.0535 2720 MSiSCSI - ok
15:52:38.0535 2720 msiserver - ok
15:52:38.0551 2720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:52:38.0551 2720 MSKSSRV - ok
15:52:38.0582 2720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:38.0582 2720 MSPCLOCK - ok
15:52:38.0582 2720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:52:38.0582 2720 MSPQM - ok
15:52:38.0598 2720 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:52:38.0598 2720 MsRPC - ok
15:52:38.0613 2720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:52:38.0613 2720 mssmbios - ok
15:52:38.0629 2720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:52:38.0629 2720 MSTEE - ok
15:52:38.0629 2720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:52:38.0629 2720 MTConfig - ok
15:52:38.0660 2720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:52:38.0660 2720 Mup - ok
15:52:38.0676 2720 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:52:38.0691 2720 napagent - ok
15:52:38.0738 2720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:52:38.0754 2720 NativeWifiP - ok
15:52:38.0785 2720 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:52:38.0800 2720 NDIS - ok
15:52:38.0800 2720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:38.0800 2720 NdisCap - ok
15:52:38.0816 2720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:38.0816 2720 NdisTapi - ok
15:52:38.0847 2720 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:38.0847 2720 Ndisuio - ok
15:52:38.0894 2720 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:38.0894 2720 NdisWan - ok
15:52:38.0925 2720 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:52:38.0925 2720 NDProxy - ok
15:52:38.0941 2720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:52:38.0941 2720 NetBIOS - ok
15:52:38.0972 2720 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:52:38.0972 2720 NetBT - ok
15:52:39.0003 2720 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:39.0003 2720 Netlogon - ok
15:52:39.0050 2720 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:52:39.0050 2720 Netman - ok
15:52:39.0159 2720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:39.0159 2720 NetMsmqActivator - ok
15:52:39.0175 2720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:39.0175 2720 NetPipeActivator - ok
15:52:39.0222 2720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:52:39.0222 2720 netprofm - ok
15:52:39.0237 2720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:39.0237 2720 NetTcpActivator - ok
15:52:39.0237 2720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:39.0253 2720 NetTcpPortSharing - ok
15:52:39.0268 2720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:52:39.0268 2720 nfrd960 - ok
15:52:39.0284 2720 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:52:39.0300 2720 NlaSvc - ok
15:52:39.0300 2720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:52:39.0300 2720 Npfs - ok
15:52:39.0315 2720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:52:39.0315 2720 nsi - ok
15:52:39.0315 2720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:52:39.0315 2720 nsiproxy - ok
15:52:39.0378 2720 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:52:39.0409 2720 Ntfs - ok
15:52:39.0440 2720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:52:39.0440 2720 Null - ok
15:52:39.0487 2720 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:52:39.0487 2720 nvraid - ok
15:52:39.0503 2720 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:52:39.0503 2720 nvstor - ok
15:52:39.0534 2720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:52:39.0534 2720 nv_agp - ok
15:52:39.0596 2720 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:52:39.0612 2720 odserv - ok
15:52:39.0627 2720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:52:39.0627 2720 ohci1394 - ok
15:52:39.0659 2720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:52:39.0659 2720 ose - ok
15:52:39.0705 2720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:52:39.0721 2720 p2pimsvc - ok
15:52:39.0737 2720 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:52:39.0737 2720 p2psvc - ok
15:52:39.0752 2720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:52:39.0752 2720 Parport - ok
15:52:39.0768 2720 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:52:39.0768 2720 partmgr - ok
15:52:39.0783 2720 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:52:39.0783 2720 PcaSvc - ok
15:52:39.0799 2720 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:52:39.0799 2720 pci - ok
15:52:39.0815 2720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:52:39.0815 2720 pciide - ok
15:52:39.0830 2720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:52:39.0830 2720 pcmcia - ok
15:52:39.0846 2720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:52:39.0846 2720 pcw - ok
15:52:39.0893 2720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:52:39.0893 2720 PEAUTH - ok
15:52:39.0955 2720 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:52:39.0986 2720 PeerDistSvc - ok
15:52:40.0033 2720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:52:40.0033 2720 PerfHost - ok
15:52:40.0173 2720 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:52:40.0189 2720 pla - ok
15:52:40.0220 2720 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:52:40.0220 2720 PlugPlay - ok
15:52:40.0236 2720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:52:40.0236 2720 PNRPAutoReg - ok
15:52:40.0267 2720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:52:40.0267 2720 PNRPsvc - ok
15:52:40.0298 2720 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:52:40.0298 2720 PolicyAgent - ok
15:52:40.0314 2720 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:52:40.0329 2720 Power - ok
15:52:40.0361 2720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:40.0361 2720 PptpMiniport - ok
15:52:40.0376 2720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:52:40.0376 2720 Processor - ok
15:52:40.0392 2720 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:52:40.0392 2720 ProfSvc - ok
15:52:40.0423 2720 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:40.0423 2720 ProtectedStorage - ok
15:52:40.0470 2720 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:52:40.0470 2720 Psched - ok
15:52:40.0626 2720 QBCFMonitorService (f3775745cbeedc8e4690d822fe669bf5) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:52:40.0626 2720 QBCFMonitorService - ok
15:52:40.0735 2720 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:52:40.0735 2720 QBFCService - ok
15:52:40.0797 2720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:52:40.0813 2720 ql2300 - ok
15:52:40.0891 2720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:52:40.0891 2720 ql40xx - ok
15:52:40.0922 2720 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:52:40.0938 2720 QWAVE - ok
15:52:40.0953 2720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:52:40.0953 2720 QWAVEdrv - ok
15:52:40.0953 2720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:40.0953 2720 RasAcd - ok
15:52:40.0969 2720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:52:40.0969 2720 RasAgileVpn - ok
15:52:40.0985 2720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:52:40.0985 2720 RasAuto - ok
15:52:41.0031 2720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:41.0031 2720 Rasl2tp - ok
15:52:41.0047 2720 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:52:41.0063 2720 RasMan - ok
15:52:41.0078 2720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:41.0078 2720 RasPppoe - ok
15:52:41.0094 2720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:41.0094 2720 RasSstp - ok
15:52:41.0109 2720 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:41.0125 2720 rdbss - ok
15:52:41.0141 2720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:52:41.0141 2720 rdpbus - ok
15:52:41.0141 2720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:41.0141 2720 RDPCDD - ok
15:52:41.0172 2720 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:52:41.0172 2720 RDPDR - ok
15:52:41.0187 2720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:52:41.0187 2720 RDPENCDD - ok
15:52:41.0187 2720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:52:41.0187 2720 RDPREFMP - ok
15:52:41.0250 2720 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:52:41.0250 2720 RDPWD - ok
15:52:41.0281 2720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:52:41.0281 2720 rdyboost - ok
15:52:41.0343 2720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:52:41.0343 2720 RemoteAccess - ok
15:52:41.0359 2720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:52:41.0359 2720 RemoteRegistry - ok
15:52:41.0406 2720 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:52:41.0406 2720 RimUsb - ok
15:52:41.0421 2720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:52:41.0421 2720 RpcEptMapper - ok
15:52:41.0437 2720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:52:41.0437 2720 RpcLocator - ok
15:52:41.0453 2720 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:52:41.0453 2720 RpcSs - ok
15:52:41.0468 2720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:41.0468 2720 rspndr - ok
15:52:41.0484 2720 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:52:41.0484 2720 s3cap - ok
15:52:41.0499 2720 SAlphamHid (e13d43901ec079280a2a9bad9a2ccda7) C:\Windows\system32\DRIVERS\SAlpham64.sys
15:52:41.0499 2720 SAlphamHid - ok
15:52:41.0531 2720 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:41.0546 2720 SamSs - ok
15:52:41.0609 2720 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:52:41.0609 2720 SASDIFSV - ok
15:52:41.0640 2720 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:52:41.0640 2720 SASKUTIL - ok
15:52:41.0655 2720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:52:41.0655 2720 sbp2port - ok
15:52:41.0702 2720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:52:41.0702 2720 SCardSvr - ok
15:52:41.0733 2720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:52:41.0733 2720 scfilter - ok
15:52:41.0765 2720 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:52:41.0796 2720 Schedule - ok
15:52:41.0811 2720 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:52:41.0811 2720 SCPolicySvc - ok
15:52:41.0843 2720 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:52:41.0843 2720 SDRSVC - ok
15:52:41.0921 2720 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:52:41.0921 2720 SeaPort - ok
15:52:41.0967 2720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:41.0967 2720 secdrv - ok
15:52:41.0983 2720 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:52:41.0983 2720 seclogon - ok
15:52:41.0999 2720 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:52:41.0999 2720 SENS - ok
15:52:42.0014 2720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:52:42.0030 2720 SensrSvc - ok
15:52:42.0045 2720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:52:42.0045 2720 Serial - ok
15:52:42.0077 2720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:52:42.0077 2720 sermouse - ok
15:52:42.0092 2720 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:52:42.0092 2720 SessionEnv - ok
15:52:42.0108 2720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:52:42.0108 2720 sffdisk - ok
15:52:42.0108 2720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:42.0108 2720 sffp_mmc - ok
15:52:42.0139 2720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:52:42.0139 2720 sffp_sd - ok
15:52:42.0139 2720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:52:42.0139 2720 sfloppy - ok
15:52:42.0186 2720 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:52:42.0186 2720 SharedAccess - ok
15:52:42.0217 2720 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:52:42.0217 2720 ShellHWDetection - ok
15:52:42.0233 2720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:52:42.0233 2720 SiSRaid2 - ok
15:52:42.0248 2720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:52:42.0248 2720 SiSRaid4 - ok
15:52:42.0342 2720 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:52:42.0357 2720 SkypeUpdate - ok
15:52:42.0373 2720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:52:42.0389 2720 Smb - ok
15:52:42.0435 2720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:52:42.0451 2720 SNMPTRAP - ok
15:52:42.0451 2720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:52:42.0451 2720 spldr - ok
15:52:42.0513 2720 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:52:42.0529 2720 Spooler - ok
15:52:42.0669 2720 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:52:42.0779 2720 sppsvc - ok
15:52:42.0872 2720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:52:42.0872 2720 sppuinotify - ok
15:52:42.0935 2720 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:52:42.0950 2720 srv - ok
15:52:42.0981 2720 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:52:42.0981 2720 srv2 - ok
15:52:42.0997 2720 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:43.0013 2720 srvnet - ok
15:52:43.0059 2720 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
15:52:43.0059 2720 ssadbus - ok
15:52:43.0091 2720 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:52:43.0091 2720 ssadmdfl - ok
15:52:43.0106 2720 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:52:43.0122 2720 ssadmdm - ok
15:52:43.0137 2720 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
15:52:43.0153 2720 ssadserd - ok
15:52:43.0169 2720 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:52:43.0184 2720 SSDPSRV - ok
15:52:43.0200 2720 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:52:43.0200 2720 SstpSvc - ok
15:52:43.0215 2720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:52:43.0215 2720 stexstor - ok
15:52:43.0262 2720 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:52:43.0278 2720 stisvc - ok
15:52:43.0309 2720 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:52:43.0309 2720 storflt - ok
15:52:43.0340 2720 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:52:43.0340 2720 StorSvc - ok
15:52:43.0371 2720 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:52:43.0371 2720 storvsc - ok
15:52:43.0387 2720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:52:43.0387 2720 swenum - ok
15:52:43.0512 2720 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:52:43.0527 2720 SwitchBoard - ok
15:52:43.0559 2720 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:52:43.0559 2720 swprv - ok
15:52:43.0637 2720 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:52:43.0652 2720 SysMain - ok
15:52:43.0746 2720 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:52:43.0746 2720 TabletInputService - ok
15:52:43.0777 2720 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:52:43.0793 2720 TapiSrv - ok
15:52:43.0808 2720 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:52:43.0808 2720 TBS - ok
15:52:43.0949 2720 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:52:43.0949 2720 Tcpip - ok
15:52:44.0183 2720 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:44.0198 2720 TCPIP6 - ok
15:52:44.0245 2720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:52:44.0261 2720 tcpipreg - ok
15:52:44.0261 2720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:52:44.0261 2720 TDPIPE - ok
15:52:44.0292 2720 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:52:44.0292 2720 TDTCP - ok
15:52:44.0323 2720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:52:44.0323 2720 tdx - ok
15:52:44.0339 2720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:52:44.0339 2720 TermDD - ok
15:52:44.0385 2720 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:52:44.0401 2720 TermService - ok
15:52:44.0417 2720 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:52:44.0417 2720 Themes - ok
15:52:44.0432 2720 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:52:44.0432 2720 THREADORDER - ok
15:52:44.0448 2720 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:52:44.0463 2720 TrkWks - ok
15:52:44.0541 2720 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:52:44.0541 2720 TrustedInstaller - ok
15:52:44.0604 2720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:44.0604 2720 tssecsrv - ok
15:52:44.0666 2720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:52:44.0666 2720 TsUsbFlt - ok
15:52:44.0697 2720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:44.0697 2720 tunnel - ok
15:52:44.0729 2720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:52:44.0744 2720 uagp35 - ok
15:52:44.0760 2720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:52:44.0760 2720 udfs - ok
15:52:44.0775 2720 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:52:44.0775 2720 UI0Detect - ok
15:52:44.0791 2720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:52:44.0791 2720 uliagpkx - ok
15:52:44.0822 2720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:52:44.0838 2720 umbus - ok
15:52:44.0838 2720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:52:44.0838 2720 UmPass - ok
15:52:44.0869 2720 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:52:44.0869 2720 UmRdpService - ok
15:52:44.0885 2720 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:52:44.0900 2720 upnphost - ok
15:52:44.0900 2720 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:44.0916 2720 usbccgp - ok
15:52:44.0931 2720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:52:44.0931 2720 usbcir - ok
15:52:44.0931 2720 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:52:44.0931 2720 usbehci - ok
15:52:44.0978 2720 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
15:52:44.0978 2720 usbfilter - ok
15:52:45.0009 2720 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:45.0009 2720 usbhub - ok
15:52:45.0009 2720 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:52:45.0025 2720 usbohci - ok
15:52:45.0041 2720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:45.0041 2720 usbprint - ok
15:52:45.0056 2720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:45.0072 2720 usbscan - ok
15:52:45.0072 2720 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:45.0072 2720 USBSTOR - ok
15:52:45.0087 2720 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:52:45.0087 2720 usbuhci - ok
15:52:45.0103 2720 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:52:45.0103 2720 UxSms - ok
15:52:45.0119 2720 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:45.0119 2720 VaultSvc - ok
15:52:45.0119 2720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:52:45.0119 2720 vdrvroot - ok
15:52:45.0150 2720 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:52:45.0150 2720 vds - ok
15:52:45.0165 2720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:45.0165 2720 vga - ok
15:52:45.0165 2720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:52:45.0165 2720 VgaSave - ok
15:52:45.0415 2720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:52:45.0415 2720 vhdmp - ok
15:52:45.0509 2720 VIAHdAudAddService (712bfd5dac2668fba4a2435fb06c3d00) C:\Windows\system32\drivers\viahduaa.sys
15:52:45.0524 2720 VIAHdAudAddService - ok
15:52:45.0540 2720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:52:45.0540 2720 viaide - ok
15:52:45.0555 2720 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:52:45.0555 2720 vmbus - ok
15:52:45.0571 2720 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:52:45.0587 2720 VMBusHID - ok
15:52:45.0602 2720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:52:45.0602 2720 volmgr - ok
15:52:45.0633 2720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:52:45.0649 2720 volmgrx - ok
15:52:45.0665 2720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:52:45.0665 2720 volsnap - ok
15:52:45.0696 2720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:45.0696 2720 vsmraid - ok
15:52:45.0774 2720 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:52:45.0805 2720 VSS - ok
15:52:45.0883 2720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:52:45.0883 2720 vwifibus - ok
15:52:45.0945 2720 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:52:45.0961 2720 W32Time - ok
15:52:45.0961 2720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:52:45.0961 2720 WacomPen - ok
15:52:45.0992 2720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:45.0992 2720 WANARP - ok
15:52:45.0992 2720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:45.0992 2720 Wanarpv6 - ok
15:52:46.0039 2720 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:52:46.0070 2720 WatAdminSvc - ok
15:52:46.0117 2720 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:52:46.0133 2720 wbengine - ok
15:52:46.0164 2720 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:52:46.0179 2720 WbioSrvc - ok
15:52:46.0211 2720 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:52:46.0211 2720 wcncsvc - ok
15:52:46.0226 2720 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:52:46.0226 2720 WcsPlugInService - ok
15:52:46.0242 2720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:52:46.0242 2720 Wd - ok
15:52:46.0273 2720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:46.0273 2720 Wdf01000 - ok
15:52:46.0289 2720 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:52:46.0289 2720 WdiServiceHost - ok
15:52:46.0289 2720 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:52:46.0289 2720 WdiSystemHost - ok
15:52:46.0320 2720 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:52:46.0320 2720 WebClient - ok
15:52:46.0335 2720 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:52:46.0335 2720 Wecsvc - ok
15:52:46.0351 2720 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:52:46.0351 2720 wercplsupport - ok
15:52:46.0367 2720 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:52:46.0367 2720 WerSvc - ok
15:52:46.0382 2720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:52:46.0382 2720 WfpLwf - ok
15:52:46.0398 2720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:52:46.0398 2720 WIMMount - ok
15:52:46.0429 2720 WinDefend - ok
15:52:46.0445 2720 WinHttpAutoProxySvc - ok
15:52:46.0507 2720 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:52:46.0507 2720 Winmgmt - ok
15:52:46.0601 2720 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:52:46.0632 2720 WinRM - ok
15:52:46.0757 2720 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:52:46.0757 2720 WinUsb - ok
15:52:46.0788 2720 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:52:46.0803 2720 Wlansvc - ok
15:52:46.0913 2720 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:52:46.0944 2720 wlidsvc - ok
15:52:46.0991 2720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:52:46.0991 2720 WmiAcpi - ok
15:52:47.0006 2720 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:47.0006 2720 wmiApSrv - ok
15:52:47.0022 2720 WMPNetworkSvc - ok
15:52:47.0037 2720 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:52:47.0037 2720 WPCSvc - ok
15:52:47.0053 2720 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:52:47.0053 2720 WPDBusEnum - ok
15:52:47.0069 2720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:47.0069 2720 ws2ifsl - ok
15:52:47.0100 2720 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:52:47.0100 2720 wscsvc - ok
15:52:47.0100 2720 WSearch - ok
15:52:47.0162 2720 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:52:47.0209 2720 wuauserv - ok
15:52:47.0724 2720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:52:47.0724 2720 WudfPf - ok
15:52:47.0786 2720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:47.0786 2720 WUDFRd - ok
15:52:47.0911 2720 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:52:47.0942 2720 wudfsvc - ok
15:52:48.0005 2720 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:52:48.0020 2720 WwanSvc - ok
15:52:48.0036 2720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:52:48.0239 2720 \Device\Harddisk0\DR0 - ok
15:52:48.0239 2720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:52:48.0847 2720 \Device\Harddisk1\DR1 - ok
15:52:48.0847 2720 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
15:52:48.0925 2720 \Device\Harddisk2\DR2 - ok
15:52:48.0925 2720 Boot (0x1200) (826693ed45b1d99697907076d0827e3c) \Device\Harddisk0\DR0\Partition0
15:52:48.0925 2720 \Device\Harddisk0\DR0\Partition0 - ok
15:52:48.0956 2720 Boot (0x1200) (e7f69cbc1ec45b28848cb7eaa9511a30) \Device\Harddisk0\DR0\Partition1
15:52:48.0956 2720 \Device\Harddisk0\DR0\Partition1 - ok
15:52:48.0987 2720 Boot (0x1200) (32f177f83913c656ffc1f115bee3b5a3) \Device\Harddisk0\DR0\Partition2
15:52:49.0003 2720 \Device\Harddisk0\DR0\Partition2 - ok
15:52:49.0143 2720 Boot (0x1200) (63176745a7dab97deabd9be25d75a9c2) \Device\Harddisk1\DR1\Partition0
15:52:49.0143 2720 \Device\Harddisk1\DR1\Partition0 - ok
15:52:49.0159 2720 Boot (0x1200) (6fdf4ecb7e5a310cb1d696c2644a8bb2) \Device\Harddisk2\DR2\Partition0
15:52:49.0159 2720 \Device\Harddisk2\DR2\Partition0 - ok
15:52:49.0159 2720 ============================================================
15:52:49.0159 2720 Scan finished
15:52:49.0159 2720 ============================================================
15:52:49.0190 2428 Detected object count: 0
15:52:49.0190 2428 Actual detected object count: 0
15:53:34.0430 1416 ============================================================
15:53:34.0430 1416 Scan started
15:53:34.0430 1416 Mode: Manual;
15:53:34.0430 1416 ============================================================
15:53:35.0054 1416 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:53:35.0054 1416 !SASCORE - ok
15:53:35.0101 1416 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:53:35.0101 1416 1394ohci - ok
15:53:35.0132 1416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:53:35.0132 1416 ACPI - ok
15:53:35.0148 1416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:53:35.0148 1416 AcpiPmi - ok
15:53:35.0195 1416 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:53:35.0195 1416 Adobe LM Service - ok
15:53:35.0273 1416 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:53:35.0273 1416 AdobeFlashPlayerUpdateSvc - ok
15:53:35.0319 1416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:53:35.0335 1416 adp94xx - ok
15:53:35.0351 1416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:53:35.0351 1416 adpahci - ok
15:53:35.0366 1416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:53:35.0366 1416 adpu320 - ok
15:53:35.0397 1416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:53:35.0397 1416 AeLookupSvc - ok
15:53:35.0413 1416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:53:35.0429 1416 AFD - ok
15:53:35.0444 1416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:53:35.0444 1416 agp440 - ok
15:53:35.0444 1416 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:53:35.0460 1416 ALG - ok
15:53:35.0460 1416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:53:35.0460 1416 aliide - ok
15:53:35.0491 1416 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
15:53:35.0491 1416 Alpham1 - ok
15:53:35.0507 1416 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
15:53:35.0507 1416 Alpham2 - ok
15:53:35.0522 1416 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
15:53:35.0538 1416 AMD External Events Utility - ok
15:53:35.0553 1416 AMD FUEL Service - ok
15:53:35.0585 1416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:53:35.0585 1416 amdide - ok
15:53:35.0600 1416 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:53:35.0600 1416 amdiox64 - ok
15:53:35.0616 1416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:53:35.0616 1416 AmdK8 - ok
15:53:35.0943 1416 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
15:53:35.0975 1416 amdkmdag - ok
15:53:36.0068 1416 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
15:53:36.0068 1416 amdkmdap - ok
15:53:36.0084 1416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:53:36.0084 1416 AmdPPM - ok
15:53:36.0099 1416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:53:36.0099 1416 amdsata - ok
15:53:36.0115 1416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:53:36.0115 1416 amdsbs - ok
15:53:36.0131 1416 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:53:36.0131 1416 amdxata - ok
15:53:36.0146 1416 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:53:36.0146 1416 AODDriver4.01 - ok
15:53:36.0146 1416 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:53:36.0146 1416 AODDriver4.1 - ok
15:53:36.0162 1416 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:53:36.0177 1416 AppID - ok
15:53:36.0177 1416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:53:36.0177 1416 AppIDSvc - ok
15:53:36.0209 1416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:53:36.0209 1416 Appinfo - ok
15:53:36.0224 1416 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:53:36.0224 1416 AppMgmt - ok
15:53:36.0240 1416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:53:36.0240 1416 arc - ok
15:53:36.0255 1416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:53:36.0255 1416 arcsas - ok
15:53:36.0318 1416 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:53:36.0333 1416 aspnet_state - ok
15:53:36.0349 1416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:53:36.0349 1416 AsyncMac - ok
15:53:36.0365 1416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:53:36.0365 1416 atapi - ok
15:53:36.0380 1416 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
15:53:36.0380 1416 AtiHDAudioService - ok
15:53:36.0411 1416 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
15:53:36.0411 1416 AtiHdmiService - ok
15:53:36.0427 1416 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:53:36.0427 1416 AtiPcie - ok
15:53:36.0458 1416 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
15:53:36.0458 1416 ATITool - ok
15:53:36.0521 1416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:53:36.0521 1416 AudioEndpointBuilder - ok
15:53:36.0536 1416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:53:36.0552 1416 AudioSrv - ok
15:53:36.0755 1416 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:53:36.0770 1416 AVGIDSAgent - ok
15:53:36.0848 1416 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:53:36.0848 1416 AVGIDSDriver - ok
15:53:36.0864 1416 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:53:36.0879 1416 AVGIDSEH - ok
15:53:36.0895 1416 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:53:36.0895 1416 AVGIDSFilter - ok
15:53:36.0911 1416 AvgLdx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
15:53:36.0911 1416 AvgLdx64 - ok
15:53:36.0926 1416 AvgMfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:53:36.0926 1416 AvgMfx64 - ok
15:53:36.0942 1416 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:53:36.0942 1416 Avgrkx64 - ok
15:53:36.0957 1416 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
15:53:36.0957 1416 Avgtdia - ok
15:53:36.0989 1416 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:53:36.0989 1416 avgwd - ok
15:53:37.0004 1416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:53:37.0004 1416 AxInstSV - ok
15:53:37.0051 1416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:53:37.0051 1416 b06bdrv - ok
15:53:37.0098 1416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:53:37.0113 1416 b57nd60a - ok
15:53:37.0129 1416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:53:37.0129 1416 BDESVC - ok
15:53:37.0145 1416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:53:37.0145 1416 Beep - ok
15:53:37.0191 1416 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:53:37.0191 1416 BFE - ok
15:53:37.0223 1416 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:53:37.0223 1416 BITS - ok
15:53:37.0254 1416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:53:37.0254 1416 blbdrive - ok
15:53:37.0285 1416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:53:37.0285 1416 bowser - ok
15:53:37.0301 1416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:53:37.0301 1416 BrFiltLo - ok
15:53:37.0316 1416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:53:37.0316 1416 BrFiltUp - ok
15:53:37.0316 1416 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:53:37.0316 1416 BridgeMP - ok
15:53:37.0347 1416 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:53:37.0347 1416 Browser - ok
15:53:37.0363 1416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:53:37.0363 1416 Brserid - ok
15:53:37.0379 1416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:53:37.0379 1416 BrSerWdm - ok
15:53:37.0379 1416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:53:37.0379 1416 BrUsbMdm - ok
15:53:37.0394 1416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:53:37.0394 1416 BrUsbSer - ok
15:53:37.0394 1416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:53:37.0410 1416 BTHMODEM - ok
15:53:37.0425 1416 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:53:37.0425 1416 bthserv - ok
15:53:37.0457 1416 busenum (55913573c41cf091f93a1ac07965ea7e) C:\Windows\system32\DRIVERS\SteelBus64.sys
15:53:37.0457 1416 busenum - ok
15:53:37.0457 1416 catchme - ok
15:53:37.0488 1416 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:53:37.0488 1416 cdfs - ok
15:53:37.0503 1416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:53:37.0519 1416 cdrom - ok
15:53:37.0535 1416 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:53:37.0535 1416 CertPropSvc - ok
15:53:37.0550 1416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:53:37.0566 1416 circlass - ok
15:53:37.0581 1416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:53:37.0581 1416 CLFS - ok
15:53:37.0644 1416 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:53:37.0644 1416 clr_optimization_v2.0.50727_32 - ok
15:53:37.0675 1416 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:53:37.0675 1416 clr_optimization_v2.0.50727_64 - ok
15:53:37.0737 1416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:53:37.0737 1416 clr_optimization_v4.0.30319_32 - ok
15:53:37.0769 1416 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:53:37.0769 1416 clr_optimization_v4.0.30319_64 - ok
15:53:37.0784 1416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:53:37.0784 1416 CmBatt - ok
15:53:37.0800 1416 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:53:37.0800 1416 cmdide - ok
15:53:37.0847 1416 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:53:37.0847 1416 CNG - ok
15:53:37.0862 1416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:53:37.0862 1416 Compbatt - ok
15:53:37.0878 1416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:53:37.0878 1416 CompositeBus - ok
15:53:37.0878 1416 COMSysApp - ok
15:53:37.0893 1416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:53:37.0893 1416 crcdisk - ok
15:53:37.0925 1416 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:53:37.0925 1416 CryptSvc - ok
15:53:37.0956 1416 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:53:37.0956 1416 CSC - ok
15:53:37.0987 1416 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:53:37.0987 1416 CscService - ok
15:53:38.0003 1416 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:53:38.0018 1416 DcomLaunch - ok
15:53:38.0034 1416 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:53:38.0034 1416 defragsvc - ok
15:53:38.0081 1416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:53:38.0081 1416 DfsC - ok
15:53:38.0096 1416 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:53:38.0112 1416 Dhcp - ok
15:53:38.0112 1416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:53:38.0112 1416 discache - ok
15:53:38.0127 1416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:53:38.0127 1416 Disk - ok
15:53:38.0143 1416 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:53:38.0143 1416 Dnscache - ok
15:53:38.0174 1416 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:53:38.0174 1416 dot3svc - ok
15:53:38.0190 1416 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:53:38.0205 1416 DPS - ok
15:53:38.0205 1416 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:53:38.0205 1416 drmkaud - ok
15:53:38.0252 1416 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:53:38.0252 1416 dtsoftbus01 - ok
15:53:38.0315 1416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:53:38.0315 1416 DXGKrnl - ok
15:53:38.0346 1416 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:53:38.0346 1416 EapHost - ok
15:53:38.0439 1416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:53:38.0455 1416 ebdrv - ok
15:53:38.0549 1416 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:53:38.0549 1416 EFS - ok
15:53:38.0611 1416 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:53:38.0611 1416 ehRecvr - ok
15:53:38.0658 1416 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:53:38.0658 1416 ehSched - ok
15:53:38.0705 1416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:53:38.0720 1416 elxstor - ok
15:53:38.0736 1416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:53:38.0736 1416 ErrDev - ok
15:53:38.0767 1416 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:53:38.0767 1416 EventSystem - ok
15:53:38.0798 1416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:53:38.0798 1416 exfat - ok
15:53:38.0814 1416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:53:38.0814 1416 fastfat - ok
15:53:38.0829 1416 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:53:38.0845 1416 Fax - ok
15:53:38.0845 1416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:53:38.0845 1416 fdc - ok
15:53:38.0861 1416 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:53:38.0861 1416 fdPHost - ok
15:53:38.0876 1416 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:53:38.0876 1416 FDResPub - ok
15:53:38.0876 1416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:53:38.0876 1416 FileInfo - ok
15:53:38.0892 1416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:53:38.0892 1416 Filetrace - ok
15:53:38.0907 1416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:53:38.0907 1416 flpydisk - ok
15:53:38.0923 1416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:53:38.0939 1416 FltMgr - ok
15:53:39.0001 1416 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:53:39.0017 1416 FontCache - ok
15:53:39.0079 1416 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:53:39.0079 1416 FontCache3.0.0.0 - ok
15:53:39.0095 1416 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:53:39.0095 1416 FsDepends - ok
15:53:39.0141 1416 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:53:39.0141 1416 fssfltr - ok
15:53:39.0282 1416 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:53:39.0282 1416 fsssvc - ok
15:53:39.0329 1416 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:53:39.0329 1416 Fs_Rec - ok
15:53:39.0375 1416 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:53:39.0375 1416 fvevol - ok
15:53:39.0391 1416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:53:39.0391 1416 gagp30kx - ok
15:53:39.0453 1416 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:53:39.0453 1416 gpsvc - ok
15:53:39.0453 1416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:53:39.0453 1416 hcw85cir - ok
15:53:39.0500 1416 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:53:39.0500 1416 HdAudAddService - ok
15:53:39.0500 1416 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:53:39.0500 1416 HDAudBus - ok
15:53:39.0516 1416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:53:39.0531 1416 HidBatt - ok
15:53:39.0531 1416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:53:39.0531 1416 HidBth - ok
15:53:39.0547 1416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:53:39.0547 1416 HidIr - ok
15:53:39.0563 1416 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:53:39.0563 1416 hidserv - ok
15:53:39.0594 1416 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:53:39.0594 1416 HidUsb - ok
15:53:39.0625 1416 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:53:39.0625 1416 hkmsvc - ok
15:53:39.0641 1416 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:53:39.0641 1416 HomeGroupListener - ok
15:53:39.0656 1416 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:53:39.0656 1416 HomeGroupProvider - ok
15:53:39.0672 1416 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:53:39.0672 1416 HpSAMD - ok
15:53:39.0703 1416 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:53:39.0703 1416 HTTP - ok
15:53:39.0734 1416 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:53:39.0734 1416 hwpolicy - ok
15:53:39.0750 1416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:53:39.0750 1416 i8042prt - ok
15:53:39.0765 1416 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:53:39.0765 1416 iaStorV - ok
15:53:39.0859 1416 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:53:39.0875 1416 idsvc - ok
15:53:39.0890 1416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:53:39.0890 1416 iirsp - ok
15:53:39.0921 1416 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:53:39.0921 1416 IKEEXT - ok
15:53:39.0937 1416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:53:39.0937 1416 intelide - ok
15:53:39.0953 1416 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:53:39.0953 1416 intelppm - ok
15:53:39.0968 1416 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:53:39.0968 1416 IPBusEnum - ok
15:53:39.0984 1416 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:53:39.0984 1416 IpFilterDriver - ok
15:53:40.0015 1416 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:53:40.0015 1416 iphlpsvc - ok
15:53:40.0031 1416 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:53:40.0031 1416 IPMIDRV - ok
15:53:40.0046 1416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:53:40.0046 1416 IPNAT - ok
15:53:40.0062 1416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:53:40.0062 1416 IRENUM - ok
15:53:40.0062 1416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:53:40.0062 1416 isapnp - ok
15:53:40.0077 1416 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:53:40.0077 1416 iScsiPrt - ok
15:53:40.0093 1416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:53:40.0093 1416 kbdclass - ok
15:53:40.0093 1416 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:53:40.0093 1416 kbdhid - ok
15:53:40.0124 1416 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:40.0124 1416 KeyIso - ok
15:53:40.0124 1416 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:53:40.0124 1416 KSecDD - ok
15:53:40.0140 1416 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:53:40.0140 1416 KSecPkg - ok
15:53:40.0155 1416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:53:40.0155 1416 ksthunk - ok
15:53:40.0171 1416 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:53:40.0171 1416 KtmRm - ok
15:53:40.0187 1416 L1C (ff60e112fc03f6d0eb74b3bfd7d6b7c9) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:53:40.0187 1416 L1C - ok
15:53:40.0218 1416 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:53:40.0218 1416 LanmanServer - ok
15:53:40.0265 1416 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:53:40.0265 1416 LanmanWorkstation - ok
15:53:40.0343 1416 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:53:40.0343 1416 LightScribeService - ok
15:53:40.0358 1416 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:53:40.0358 1416 lltdio - ok
15:53:40.0405 1416 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:53:40.0405 1416 lltdsvc - ok
15:53:40.0421 1416 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:53:40.0421 1416 lmhosts - ok
15:53:40.0436 1416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:53:40.0452 1416 LSI_FC - ok
15:53:40.0467 1416 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:53:40.0467 1416 LSI_SAS - ok
15:53:40.0514 1416 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:53:40.0514 1416 LSI_SAS2 - ok
15:53:40.0545 1416 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:53:40.0545 1416 LSI_SCSI - ok
15:53:40.0545 1416 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:53:40.0545 1416 luafv - ok
15:53:40.0577 1416 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
15:53:40.0592 1416 mcdbus - ok
15:53:40.0608 1416 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:53:40.0623 1416 Mcx2Svc - ok
15:53:40.0623 1416 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:53:40.0623 1416 megasas - ok
15:53:40.0655 1416 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:53:40.0655 1416 MegaSR - ok
15:53:40.0670 1416 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:53:40.0670 1416 MMCSS - ok
15:53:40.0686 1416 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:53:40.0686 1416 Modem - ok
15:53:40.0701 1416 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:53:40.0701 1416 monitor - ok
15:53:40.0717 1416 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:53:40.0717 1416 mouclass - ok
15:53:40.0733 1416 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:53:40.0733 1416 mouhid - ok
15:53:40.0764 1416 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:53:40.0764 1416 mountmgr - ok
15:53:40.0811 1416 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:53:40.0811 1416 MozillaMaintenance - ok
15:53:40.0842 1416 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:53:40.0842 1416 mpio - ok
15:53:40.0857 1416 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:53:40.0857 1416 mpsdrv - ok
15:53:40.0920 1416 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:53:40.0920 1416 MpsSvc - ok
15:53:40.0935 1416 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:53:40.0951 1416 MRxDAV - ok
15:53:40.0951 1416 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:53:40.0951 1416 mrxsmb - ok
15:53:40.0982 1416 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:53:40.0982 1416 mrxsmb10 - ok
15:53:40.0998 1416 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:53:40.0998 1416 mrxsmb20 - ok
15:53:41.0013 1416 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:53:41.0013 1416 msahci - ok
15:53:41.0029 1416 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:53:41.0029 1416 msdsm - ok
15:53:41.0045 1416 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:53:41.0045 1416 MSDTC - ok
15:53:41.0060 1416 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:53:41.0060 1416 Msfs - ok
15:53:41.0076 1416 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:53:41.0076 1416 mshidkmdf - ok
15:53:41.0091 1416 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:53:41.0091 1416 msisadrv - ok
15:53:41.0107 1416 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:53:41.0107 1416 MSiSCSI - ok
15:53:41.0107 1416 msiserver - ok
15:53:41.0123 1416 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:53:41.0123 1416 MSKSSRV - ok
15:53:41.0123 1416 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:53:41.0123 1416 MSPCLOCK - ok
15:53:41.0138 1416 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:53:41.0138 1416 MSPQM - ok
15:53:41.0169 1416 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:53:41.0185 1416 MsRPC - ok
15:53:41.0201 1416 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:53:41.0201 1416 mssmbios - ok
15:53:41.0201 1416 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:53:41.0201 1416 MSTEE - ok
15:53:41.0216 1416 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:53:41.0216 1416 MTConfig - ok
15:53:41.0232 1416 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:53:41.0232 1416 Mup - ok
15:53:41.0247 1416 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:53:41.0263 1416 napagent - ok
15:53:41.0279 1416 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:53:41.0279 1416 NativeWifiP - ok
15:53:41.0310 1416 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:53:41.0325 1416 NDIS - ok
15:53:41.0325 1416 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:53:41.0325 1416 NdisCap - ok
15:53:41.0341 1416 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:53:41.0341 1416 NdisTapi - ok
15:53:41.0372 1416 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:53:41.0372 1416 Ndisuio - ok
15:53:41.0403 1416 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:53:41.0403 1416 NdisWan - ok
15:53:41.0435 1416 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:53:41.0435 1416 NDProxy - ok
15:53:41.0450 1416 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:53:41.0450 1416 NetBIOS - ok
15:53:41.0466 1416 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:53:41.0466 1416 NetBT - ok
15:53:41.0497 1416 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:41.0497 1416 Netlogon - ok
15:53:41.0513 1416 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:53:41.0513 1416 Netman - ok
15:53:41.0591 1416 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:53:41.0606 1416 NetMsmqActivator - ok
15:53:41.0606 1416 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:53:41.0606 1416 NetPipeActivator - ok
15:53:41.0637 1416 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:53:41.0637 1416 netprofm - ok
15:53:41.0637 1416 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:53:41.0637 1416 NetTcpActivator - ok
15:53:41.0653 1416 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:53:41.0653 1416 NetTcpPortSharing - ok
15:53:41.0684 1416 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:53:41.0684 1416 nfrd960 - ok
15:53:41.0700 1416 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:53:41.0700 1416 NlaSvc - ok
15:53:41.0715 1416 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:53:41.0715 1416 Npfs - ok
15:53:41.0731 1416 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:53:41.0731 1416 nsi - ok
15:53:41.0731 1416 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:53:41.0731 1416 nsiproxy - ok
15:53:41.0809 1416 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:53:41.0809 1416 Ntfs - ok
15:53:41.0856 1416 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:53:41.0856 1416 Null - ok
15:53:41.0871 1416 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:53:41.0871 1416 nvraid - ok
15:53:41.0887 1416 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:53:41.0887 1416 nvstor - ok
15:53:41.0903 1416 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:53:41.0903 1416 nv_agp - ok
15:53:41.0965 1416 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:53:41.0965 1416 odserv - ok
15:53:41.0981 1416 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:53:41.0981 1416 ohci1394 - ok
15:53:41.0996 1416 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:53:41.0996 1416 ose - ok
15:53:42.0027 1416 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:53:42.0027 1416 p2pimsvc - ok
15:53:42.0043 1416 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:53:42.0043 1416 p2psvc - ok
15:53:42.0059 1416 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:53:42.0059 1416 Parport - ok
15:53:42.0074 1416 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:53:42.0074 1416 partmgr - ok
15:53:42.0090 1416 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:53:42.0105 1416 PcaSvc - ok
15:53:42.0105 1416 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:53:42.0121 1416 pci - ok
15:53:42.0121 1416 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:53:42.0121 1416 pciide - ok
15:53:42.0137 1416 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:53:42.0137 1416 pcmcia - ok
15:53:42.0152 1416 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:53:42.0152 1416 pcw - ok
15:53:42.0183 1416 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:53:42.0183 1416 PEAUTH - ok
15:53:42.0230 1416 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:53:42.0246 1416 PeerDistSvc - ok
15:53:42.0293 1416 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:53:42.0293 1416 PerfHost - ok
15:53:42.0417 1416 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:53:42.0433 1416 pla - ok
15:53:42.0464 1416 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:53:42.0464 1416 PlugPlay - ok
15:53:42.0480 1416 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:53:42.0480 1416 PNRPAutoReg - ok
15:53:42.0495 1416 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:53:42.0511 1416 PNRPsvc - ok
15:53:42.0527 1416 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:53:42.0542 1416 PolicyAgent - ok
15:53:42.0558 1416 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:53:42.0558 1416 Power - ok
15:53:42.0605 1416 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:53:42.0605 1416 PptpMiniport - ok
15:53:42.0620 1416 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:53:42.0620 1416 Processor - ok
15:53:42.0651 1416 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:53:42.0667 1416 ProfSvc - ok
15:53:42.0698 1416 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:42.0698 1416 ProtectedStorage - ok
15:53:42.0729 1416 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:53:42.0729 1416 Psched - ok
15:53:42.0807 1416 QBCFMonitorService (f3775745cbeedc8e4690d822fe669bf5) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:53:42.0807 1416 QBCFMonitorService - ok
15:53:42.0870 1416 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:53:42.0870 1416 QBFCService - ok
15:53:42.0948 1416 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:53:42.0963 1416 ql2300 - ok
15:53:43.0010 1416 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:53:43.0010 1416 ql40xx - ok
15:53:43.0026 1416 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:53:43.0041 1416 QWAVE - ok
15:53:43.0041 1416 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:53:43.0041 1416 QWAVEdrv - ok
15:53:43.0057 1416 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:53:43.0057 1416 RasAcd - ok
15:53:43.0057 1416 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:53:43.0057 1416 RasAgileVpn - ok
15:53:43.0073 1416 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:53:43.0073 1416 RasAuto - ok
15:53:43.0088 1416 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:53:43.0088 1416 Rasl2tp - ok
15:53:43.0119 1416 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:53:43.0119 1416 RasMan - ok
15:53:43.0135 1416 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:53:43.0135 1416 RasPppoe - ok
15:53:43.0151 1416 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:53:43.0151 1416 RasSstp - ok
15:53:43.0166 1416 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:53:43.0166 1416 rdbss - ok
15:53:43.0182 1416 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:53:43.0182 1416 rdpbus - ok
15:53:43.0197 1416 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:53:43.0197 1416 RDPCDD - ok
15:53:43.0229 1416 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:53:43.0229 1416 RDPDR - ok
15:53:43.0244 1416 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:53:43.0244 1416 RDPENCDD - ok
15:53:43.0244 1416 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:53:43.0244 1416 RDPREFMP - ok
15:53:43.0275 1416 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:53:43.0275 1416 RDPWD - ok
15:53:43.0307 1416 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:53:43.0307 1416 rdyboost - ok
15:53:43.0322 1416 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:53:43.0322 1416 RemoteAccess - ok
15:53:43.0322 1416 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:53:43.0322 1416 RemoteRegistry - ok
15:53:43.0353 1416 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:53:43.0353 1416 RimUsb - ok
15:53:43.0353 1416 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:53:43.0369 1416 RpcEptMapper - ok
15:53:43.0369 1416 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:53:43.0369 1416 RpcLocator - ok
15:53:43.0385 1416 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:53:43.0385 1416 RpcSs - ok
15:53:43.0400 1416 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:53:43.0400 1416 rspndr - ok
15:53:43.0431 1416 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:53:43.0431 1416 s3cap - ok
15:53:43.0431 1416 SAlphamHid (e13d43901ec079280a2a9bad9a2ccda7) C:\Windows\system32\DRIVERS\SAlpham64.sys
15:53:43.0447 1416 SAlphamHid - ok
15:53:43.0463 1416 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:43.0463 1416 SamSs - ok
15:53:43.0525 1416 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:53:43.0525 1416 SASDIFSV - ok
15:53:43.0541 1416 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:53:43.0541 1416 SASKUTIL - ok
15:53:43.0556 1416 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:53:43.0556 1416 sbp2port - ok
15:53:43.0587 1416 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:53:43.0587 1416 SCardSvr - ok
15:53:43.0619 1416 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:53:43.0619 1416 scfilter - ok
15:53:43.0681 1416 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:53:43.0697 1416 Schedule - ok
15:53:43.0712 1416 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:53:43.0712 1416 SCPolicySvc - ok
15:53:43.0728 1416 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:53:43.0728 1416 SDRSVC - ok
15:53:43.0790 1416 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:53:43.0790 1416 SeaPort - ok
15:53:43.0837 1416 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:53:43.0837 1416 secdrv - ok
15:53:43.0853 1416 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:53:43.0868 1416 seclogon - ok
15:53:43.0884 1416 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:53:43.0884 1416 SENS - ok
15:53:43.0899 1416 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:53:43.0915 1416 SensrSvc - ok
15:53:43.0915 1416 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:53:43.0931 1416 Serial - ok
15:53:43.0946 1416 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:53:43.0946 1416 sermouse - ok
15:53:43.0977 1416 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:53:43.0977 1416 SessionEnv - ok
15:53:43.0993 1416 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:53:43.0993 1416 sffdisk - ok
15:53:44.0009 1416 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:53:44.0009 1416 sffp_mmc - ok
15:53:44.0024 1416 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:53:44.0024 1416 sffp_sd - ok
15:53:44.0040 1416 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:53:44.0040 1416 sfloppy - ok
15:53:44.0055 1416 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:53:44.0055 1416 SharedAccess - ok
15:53:44.0071 1416 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:53:44.0071 1416 ShellHWDetection - ok
15:53:44.0087 1416 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:53:44.0087 1416 SiSRaid2 - ok
15:53:44.0102 1416 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:53:44.0102 1416 SiSRaid4 - ok
15:53:44.0149 1416 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:53:44.0149 1416 SkypeUpdate - ok
15:53:44.0165 1416 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:53:44.0165 1416 Smb - ok
15:53:44.0180 1416 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:53:44.0180 1416 SNMPTRAP - ok
15:53:44.0180 1416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:53:44.0180 1416 spldr - ok
15:53:44.0211 1416 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:53:44.0211 1416 Spooler - ok
15:53:44.0321 1416 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:53:44.0336 1416 sppsvc - ok
15:53:44.0383 1416 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:53:44.0383 1416 sppuinotify - ok
15:53:44.0461 1416 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:53:44.0461 1416 srv - ok
15:53:44.0523 1416 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:53:44.0523 1416 srv2 - ok
15:53:44.0539 1416 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:53:44.0539 1416 srvnet - ok
15:53:44.0570 1416 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
15:53:44.0586 1416 ssadbus - ok
15:53:44.0601 1416 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:53:44.0601 1416 ssadmdfl - ok
15:53:44.0617 1416 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:53:44.0617 1416 ssadmdm - ok
15:53:44.0633 1416 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
15:53:44.0633 1416 ssadserd - ok
15:53:44.0664 1416 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:53:44.0664 1416 SSDPSRV - ok
15:53:44.0679 1416 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:53:44.0679 1416 SstpSvc - ok
15:53:44.0695 1416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:53:44.0695 1416 stexstor - ok
15:53:44.0742 1416 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:53:44.0757 1416 stisvc - ok
15:53:44.0789 1416 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:53:44.0789 1416 storflt - ok
15:53:44.0804 1416 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:53:44.0804 1416 StorSvc - ok
15:53:44.0804 1416 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:53:44.0804 1416 storvsc - ok
15:53:44.0820 1416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:53:44.0820 1416 swenum - ok
15:53:44.0929 1416 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:53:44.0929 1416 SwitchBoard - ok
15:53:44.0960 1416 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:53:44.0960 1416 swprv - ok
15:53:45.0023 1416 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:53:45.0023 1416 SysMain - ok
15:53:45.0116 1416 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:53:45.0116 1416 TabletInputService - ok
15:53:45.0147 1416 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:53:45.0147 1416 TapiSrv - ok
15:53:45.0194 1416 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:53:45.0194 1416 TBS - ok
15:53:45.0288 1416 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:53:45.0303 1416 Tcpip - ok
15:53:45.0381 1416 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:53:45.0397 1416 TCPIP6 - ok
15:53:45.0444 1416 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:53:45.0444 1416 tcpipreg - ok
15:53:45.0459 1416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:53:45.0459 1416 TDPIPE - ok
15:53:45.0475 1416 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:53:45.0475 1416 TDTCP - ok
15:53:45.0491 1416 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:53:45.0491 1416 tdx - ok
15:53:45.0506 1416 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:53:45.0506 1416 TermDD - ok
15:53:45.0553 1416 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:53:45.0569 1416 TermService - ok
15:53:45.0569 1416 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:53:45.0584 1416 Themes - ok
15:53:45.0600 1416 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:53:45.0600 1416 THREADORDER - ok
15:53:45.0615 1416 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:53:45.0615 1416 TrkWks - ok
15:53:45.0647 1416 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:53:45.0647 1416 TrustedInstaller - ok
15:53:45.0678 1416 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:53:45.0678 1416 tssecsrv - ok
15:53:45.0693 1416 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:53:45.0693 1416 TsUsbFlt - ok
15:53:45.0709 1416 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:53:45.0709 1416 tunnel - ok
15:53:45.0709 1416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:53:45.0709 1416 uagp35 - ok
15:53:45.0740 1416 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:53:45.0740 1416 udfs - ok
15:53:45.0771 1416 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:53:45.0771 1416 UI0Detect - ok
15:53:45.0787 1416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:53:45.0787 1416 uliagpkx - ok
15:53:45.0803 1416 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:53:45.0803 1416 umbus - ok
15:53:45.0818 1416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:53:45.0818 1416 UmPass - ok
15:53:45.0834 1416 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:53:45.0834 1416 UmRdpService - ok
15:53:45.0865 1416 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:53:45.0865 1416 upnphost - ok
15:53:45.0881 1416 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:53:45.0881 1416 usbccgp - ok
15:53:45.0896 1416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:53:45.0896 1416 usbcir - ok
15:53:45.0912 1416 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:53:45.0912 1416 usbehci - ok
15:53:45.0927 1416 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
15:53:45.0927 1416 usbfilter - ok
15:53:45.0943 1416 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:53:45.0943 1416 usbhub - ok
15:53:45.0959 1416 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:53:45.0959 1416 usbohci - ok
15:53:45.0959 1416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:53:45.0959 1416 usbprint - ok
15:53:45.0990 1416 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:53:45.0990 1416 usbscan - ok
15:53:46.0005 1416 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:53:46.0005 1416 USBSTOR - ok
15:53:46.0021 1416 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:53:46.0021 1416 usbuhci - ok
15:53:46.0037 1416 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:53:46.0037 1416 UxSms - ok
15:53:46.0068 1416 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:46.0068 1416 VaultSvc - ok
15:53:46.0068 1416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:53:46.0083 1416 vdrvroot - ok
15:53:46.0115 1416 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:53:46.0130 1416 vds - ok
15:53:46.0146 1416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:53:46.0146 1416 vga - ok
15:53:46.0161 1416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:53:46.0161 1416 VgaSave - ok
15:53:46.0177 1416 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:53:46.0177 1416 vhdmp - ok
15:53:46.0224 1416 VIAHdAudAddService (712bfd5dac2668fba4a2435fb06c3d00) C:\Windows\system32\drivers\viahduaa.sys
15:53:46.0239 1416 VIAHdAudAddService - ok
15:53:46.0255 1416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:53:46.0255 1416 viaide - ok
15:53:46.0271 1416 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:53:46.0271 1416 vmbus - ok
15:53:46.0286 1416 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:53:46.0286 1416 VMBusHID - ok
15:53:46.0302 1416 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:53:46.0302 1416 volmgr - ok
15:53:46.0333 1416 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:53:46.0349 1416 volmgrx - ok
15:53:46.0364 1416 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:53:46.0364 1416 volsnap - ok
15:53:46.0380 1416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:53:46.0380 1416 vsmraid - ok
15:53:46.0458 1416 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:53:46.0458 1416 VSS - ok
15:53:46.0536 1416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:53:46.0536 1416 vwifibus - ok
15:53:46.0567 1416 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:53:46.0583 1416 W32Time - ok
15:53:46.0583 1416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:53:46.0598 1416 WacomPen - ok
15:53:46.0614 1416 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:53:46.0614 1416 WANARP - ok
15:53:46.0614 1416 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:53:46.0614 1416 Wanarpv6 - ok
15:53:46.0661 1416 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:53:46.0676 1416 WatAdminSvc - ok
15:53:46.0723 1416 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:53:46.0723 1416 wbengine - ok
15:53:46.0754 1416 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:53:46.0770 1416 WbioSrvc - ok
15:53:46.0801 1416 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:53:46.0817 1416 wcncsvc - ok
15:53:46.0832 1416 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:53:46.0832 1416 WcsPlugInService - ok
15:53:46.0848 1416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:53:46.0848 1416 Wd - ok
15:53:46.0879 1416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:53:46.0895 1416 Wdf01000 - ok
15:53:46.0895 1416 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:53:46.0895 1416 WdiServiceHost - ok
15:53:46.0910 1416 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:53:46.0910 1416 WdiSystemHost - ok
15:53:46.0926 1416 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:53:46.0926 1416 WebClient - ok
15:53:46.0941 1416 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:53:46.0957 1416 Wecsvc - ok
15:53:46.0973 1416 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:53:46.0973 1416 wercplsupport - ok
15:53:46.0988 1416 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:53:46.0988 1416 WerSvc - ok
15:53:47.0004 1416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:53:47.0004 1416 WfpLwf - ok
15:53:47.0019 1416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:53:47.0019 1416 WIMMount - ok
15:53:47.0051 1416 WinDefend - ok
15:53:47.0066 1416 WinHttpAutoProxySvc - ok
15:53:47.0113 1416 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:53:47.0129 1416 Winmgmt - ok
15:53:47.0191 1416 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:53:47.0207 1416 WinRM - ok
15:53:47.0269 1416 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:53:47.0269 1416 WinUsb - ok
15:53:47.0300 1416 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:53:47.0300 1416 Wlansvc - ok
15:53:47.0409 1416 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:53:47.0425 1416 wlidsvc - ok
15:53:47.0456 1416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:53:47.0456 1416 WmiAcpi - ok
15:53:47.0487 1416 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:53:47.0503 1416 wmiApSrv - ok
15:53:47.0503 1416 WMPNetworkSvc - ok
15:53:47.0534 1416 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:53:47.0534 1416 WPCSvc - ok
15:53:47.0565 1416 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:53:47.0565 1416 WPDBusEnum - ok
15:53:47.0581 1416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:53:47.0581 1416 ws2ifsl - ok
15:53:47.0597 1416 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:53:47.0597 1416 wscsvc - ok
15:53:47.0597 1416 WSearch - ok
15:53:47.0706 1416 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:53:47.0721 1416 wuauserv - ok
15:53:47.0784 1416 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:53:47.0784 1416 WudfPf - ok
15:53:47.0799 1416 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:53:47.0799 1416 WUDFRd - ok
15:53:47.0831 1416 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:53:47.0831 1416 wudfsvc - ok
15:53:47.0846 1416 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:53:47.0846 1416 WwanSvc - ok
15:53:47.0862 1416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:53:47.0987 1416 \Device\Harddisk0\DR0 - ok
15:53:47.0987 1416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:53:48.0579 1416 \Device\Harddisk1\DR1 - ok
15:53:48.0579 1416 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
15:53:48.0642 1416 \Device\Harddisk2\DR2 - ok
15:53:48.0657 1416 Boot (0x1200) (826693ed45b1d99697907076d0827e3c) \Device\Harddisk0\DR0\Partition0
15:53:48.0657 1416 \Device\Harddisk0\DR0\Partition0 - ok
15:53:48.0673 1416 Boot (0x1200) (e7f69cbc1ec45b28848cb7eaa9511a30) \Device\Harddisk0\DR0\Partition1
15:53:48.0673 1416 \Device\Harddisk0\DR0\Partition1 - ok
15:53:48.0689 1416 Boot (0x1200) (32f177f83913c656ffc1f115bee3b5a3) \Device\Harddisk0\DR0\Partition2
15:53:48.0689 1416 \Device\Harddisk0\DR0\Partition2 - ok
15:53:48.0689 1416 Boot (0x1200) (63176745a7dab97deabd9be25d75a9c2) \Device\Harddisk1\DR1\Partition0
15:53:48.0689 1416 \Device\Harddisk1\DR1\Partition0 - ok
15:53:48.0689 1416 Boot (0x1200) (6fdf4ecb7e5a310cb1d696c2644a8bb2) \Device\Harddisk2\DR2\Partition0
15:53:48.0689 1416 \Device\Harddisk2\DR2\Partition0 - ok
15:53:48.0689 1416 ============================================================
15:53:48.0689 1416 Scan finished
15:53:48.0689 1416 ============================================================
15:53:48.0704 3828 Detected object count: 0
15:53:48.0704 3828 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 15:54:22
-----------------------------
15:54:22.868 OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:22.868 Number of processors: 4 586 0x403
15:54:22.868 ComputerName: NIGHTBLADE-PC UserName:
15:54:23.336 Initialize success
15:55:02.576 AVAST engine defs: 12061201
15:55:07.957 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:55:07.967 Disk 0 Vendor: ST32000542AS CC34 Size: 1907729MB BusType: 3
15:55:07.977 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
15:55:07.977 Disk 1 Vendor: ST2000DM001-9YN164 CC46 Size: 1907729MB BusType: 3
15:55:07.987 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
15:55:07.987 Disk 2 Vendor: ST32000542AS CC32 Size: 1907729MB BusType: 3
15:55:08.007 Disk 0 MBR read successfully
15:55:08.017 Disk 0 MBR scan
15:55:08.027 Disk 0 Windows 7 default MBR code
15:55:08.037 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 366576 MB offset 63
15:55:08.047 Disk 0 Partition - 00 0F Extended LBA 1541149 MB offset 750749580
15:55:08.067 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 776501 MB offset 750749643
15:55:08.087 Disk 0 Partition - 00 05 Extended 764648 MB offset 2341023930
15:55:08.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 764648 MB offset 2341023993
15:55:08.177 Disk 0 scanning C:\Windows\system32\drivers
15:55:20.295 Service scanning
15:55:38.818 Modules scanning
15:55:38.822 Disk 0 trace - called modules:
15:55:38.826 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:55:38.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d24790]
15:55:38.834 3 CLASSPNP.SYS[fffff8800197943f] -> nt!IofCallDriver -> [0xfffffa80048319b0]
15:55:38.837 5 ACPI.sys[fffff88000f017a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004cb0060]
15:55:40.600 AVAST engine scan C:\Windows
15:55:49.550 AVAST engine scan C:\Windows\system32
15:59:01.490 AVAST engine scan C:\Windows\system32\drivers
15:59:12.800 AVAST engine scan C:\Users\Kendall Silver
16:00:19.882 AVAST engine scan C:\ProgramData
16:02:14.641 Scan finished successfully
16:03:40.886 Disk 0 MBR has been saved successfully to "C:\Users\Kendall Silver\Desktop\MBR.dat"
16:03:40.890 The log file has been saved successfully to "C:\Users\Kendall Silver\Desktop\aswMBR.txt"


Still looking good on my user end, I hope whatever was wrong is either gone or well on it's way out... Thank you!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 12 June 2012 - 09:22 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 14 June 2012 - 09:19 AM

ComboFix 12-06-12.01 - Kendall Silver 06/14/2012 8:47.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2463 [GMT -5:00]
Running from: g:\downloads\New Downloads\ComboFix.exe
Command switches used :: c:\users\Kendall Silver\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KENDAL~1\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80\CliSecureRT64.dll
c:\users\KENDAL~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\Kendall Silver\AppData\Local\Temp\3d0a1899-e862-43d1-b9db-9650cceb2a80\CliSecureRT64.dll
c:\users\Kendall Silver\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 13:52 . 2012-06-14 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 13:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 13:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 13:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 13:36 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 13:36 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 13:36 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 13:36 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 13:36 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 13:36 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 13:36 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 13:36 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 13:35 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 13:35 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 13:35 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 13:35 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 13:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 13:35 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 21:14 . 2012-06-12 21:14 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-12 21:14 . 2012-06-12 21:13 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-06-12 21:13 . 2012-06-12 21:13 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-06-12 21:13 . 2012-06-12 21:13 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-06-12 21:13 . 2012-06-12 21:13 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-06-12 21:13 . 2012-06-12 21:13 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-06-12 21:13 . 2003-11-10 23:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-06-12 21:13 . 2003-11-10 23:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-06-12 21:13 . 2003-11-10 23:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-06-12 21:13 . 2003-11-10 23:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-06-12 21:13 . 2003-11-10 23:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-06-06 14:13 . 2012-06-06 14:13 -------- d-----w- c:\users\Kendall Silver\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 14:13 . 2012-06-06 14:13 -------- d-----w- c:\programdata\!SASCORE
2012-06-06 14:13 . 2012-06-06 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-06 13:31 . 2012-06-06 13:31 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 13:31 . 2012-06-06 13:31 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 03:44 . 2012-06-06 03:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-04 16:08 . 2012-06-04 16:08 -------- d-----w- c:\programdata\ATI
2012-06-04 16:08 . 2012-06-04 16:08 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-04 16:08 . 2012-06-04 16:08 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-27 00:42 . 2009-07-14 01:28 20268032 ----a-w- c:\windows\system32\imageres_original.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 14:33 . 2012-03-29 10:26 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-19 14:33 . 2011-05-13 15:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-05-05 02:18 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-09-06 23:06 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-05-05 01:56 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2010-10-27 07:57 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2010-10-27 08:22 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-15 02:14 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-05 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2010-05-05 01:22 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 20:56 . 2010-09-28 08:21 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 20:51 . 2012-03-31 20:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-30 11:35 . 2012-05-10 16:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-18 14:54 . 2010-09-08 16:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-17 07:58 . 2012-05-10 16:35 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-12_14.00.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-12 21:15 . 2010-06-02 09:55 74072 c:\windows\SysWOW64\XAPOFX1_5.dll
+ 2012-06-13 16:29 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-06-13 16:29 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-12 03:25 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-12 03:25 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-06-13 16:29 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2012-06-12 13:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-14 13:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-12 13:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-14 13:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-14 13:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 13:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-12 21:15 . 2010-06-02 09:55 77656 c:\windows\system32\XAPOFX1_5.dll
+ 2010-09-06 23:03 . 2012-06-14 13:55 46840 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-14 13:55 35970 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-06 22:56 . 2012-06-14 13:55 24568 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2723756421-2902712719-1131625151-1001_UserData.bin
+ 2012-06-13 16:29 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
- 2012-04-12 03:25 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-06-13 16:29 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-06-13 16:29 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
- 2012-04-12 03:25 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-11 03:32 . 2012-05-11 03:32 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-09 00:24 . 2012-06-13 16:37 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-06-14 03:04 . 2012-06-14 03:04 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\11c324b9616d95c2685716fbae9324ab\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\be0023b0814db0cd39b177e21632f8e9\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 21:58 . 2012-06-13 21:58 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\876f4df16291d2b14c21e2a14afb60c9\WindowsLiveWriter.ni.exe
+ 2012-06-13 21:59 . 2012-06-13 21:59 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
- 2010-09-07 10:40 . 2012-06-12 13:58 5524 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-09-07 10:40 . 2012-06-14 04:41 5524 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-12 13:59 . 2012-06-12 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-14 13:53 . 2012-06-14 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-14 13:53 . 2012-06-14 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 13:59 . 2012-06-12 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-12 21:15 . 2010-06-02 09:55 527192 c:\windows\SysWOW64\XAudio2_7.dll
+ 2012-06-12 21:15 . 2010-06-02 09:55 239960 c:\windows\SysWOW64\xactengine3_7.dll
- 2012-04-12 03:25 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
+ 2012-06-13 16:29 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
+ 2012-06-13 16:29 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
- 2012-04-12 03:25 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
- 2011-05-12 23:32 . 2011-05-12 23:32 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-06-13 16:29 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-04-12 03:25 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-13 16:29 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-12 21:15 . 2010-05-26 16:41 248672 c:\windows\SysWOW64\d3dx11_43.dll
+ 2012-06-12 21:15 . 2010-06-02 09:55 518488 c:\windows\system32\XAudio2_7.dll
+ 2012-06-12 21:15 . 2010-06-02 09:55 176984 c:\windows\system32\xactengine3_7.dll
- 2012-04-12 03:25 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
+ 2012-06-13 16:29 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-06-12 11:25 672538 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-14 13:39 672538 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-14 13:39 126560 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-12 11:25 126560 c:\windows\system32\perfc009.dat
- 2012-04-12 03:25 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-06-13 16:29 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
+ 2012-06-13 16:29 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
- 2011-05-12 23:32 . 2011-05-12 23:32 173056 c:\windows\system32\ieUnatt.exe
+ 2012-06-13 16:29 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
- 2012-04-12 03:25 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
+ 2012-06-12 21:15 . 2010-05-26 16:41 276832 c:\windows\system32\d3dx11_43.dll
+ 2012-06-12 21:15 . 2010-05-26 16:41 511328 c:\windows\system32\d3dx10_43.dll
+ 2009-07-14 04:46 . 2012-06-14 13:42 105336 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-06-06 18:30 105336 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-14 13:52 711408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-12 13:58 711408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
- 2012-04-12 00:38 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-13 13:35 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-04-12 00:38 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-13 13:35 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-09-09 00:24 . 2012-06-13 16:37 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-06-14 03:04 . 2012-06-14 03:04 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\99cb318f961215576faaa1545dda4f49\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\319e75d7f46269746bf9b0e90bb6bd72\System.Web.Entity.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\36a0e6286d72d98d39588687815731bb\System.Web.Entity.Design.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\4167c5a7841a7d28d41c1c3729b3924c\System.Web.DynamicData.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 331776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\3e3b88c0768491811650ffae55afb0cb\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\b296ac056fd009b084b03fdfc9559b92\System.Drawing.Design.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\122b5ef2b93132bd770c2c5d753d73ee\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\c85b43405ac9aa403a714af716ef3c5e\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\a0abe24dff94a2fb2c27c631a45aa95f\System.Web.Entity.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\951b0d1b999b49a47fb06f4011565ffa\System.Web.Entity.Design.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\ae2121b64d021313d3c1ddd621e4d472\System.Web.DynamicData.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\15e5acbd2196d1d4bde8466ff690aa76\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-13 16:37 . 2012-06-13 16:37 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\0640b7fe359ea63a1799465631aa691a\System.Drawing.Design.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b02ad189fc3de84d6361f0bf0cfafbf5\AspNetMMCExt.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\681410f842337dccc72eb059738c3ced\TaskScheduler.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\72b4992e45d232251a273a59eb3333d5\System.Web.Routing.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e412dfbf1aa49bbe345a02a4d23104f5\System.Web.Entity.Design.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\815769f953ebe3f84439d522c97317b8\System.Web.DynamicData.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c8144ee08dccdac183527e53c86aa901\System.Web.Abstractions.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll
+ 2012-06-14 02:59 . 2012-06-14 02:59 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d5d612f7d372f500e3062e3814e79d75\System.Messaging.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\fbc02e9f5a14bb93082ebc88bc577413\System.Drawing.Design.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a88ca70ab9641b8236149bc5dd8d1564\System.Configuration.Install.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\0101faefdcc3274ba594e7a103ec0186\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2f1bad2fb963482a02443d5e7fece2b6\napsnap.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\bb4947f0ecc925a7bcfd129b6eec8f9b\napinit.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\67240ddde494b9cc05cd732ccd099668\MMCFxCommon.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\526a33ed761cce911ff85646c4a0ec80\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\803188573fb19785a94284e097c48a67\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\167a62317f33ae61ef5d7b70ba0421c3\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\9016fe60c2398dd6c3c8d8494e1a24b5\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\877ba3d01d6bac7d76ec8a5fede67baf\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bc5df15ee827e248dd6f819874a85718\EventViewer.ni.dll
+ 2012-06-14 02:59 . 2012-06-14 02:59 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe
+ 2012-06-13 21:59 . 2012-06-13 21:59 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\62cec20b82795b936aa2ebe09cf390b3\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f061177fad83e0d31527ca85a7b9447d\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebda5533597f76b6f088db06a3c9bf89\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c9819eac00ff9d58e19599438e5ac742\WindowsLive.Writer.Api.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1c69dc861cc74197d32851f14e7072a\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a4ebb53e20a38dcf5d65f12abffd64a8\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9b8dc38b0c2427faeb5e306a453d251a\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8c2ee846c46973e97e706f39bb72e2e8\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8aaba9a485b995efaac2c1a59051e676\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\26a195621994dccb5a5f9c06ce1e5fd7\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0ccb4a3228a1ca615f849ebfe8d4daee\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\ad66e359fad3f5ace031f71737b111a0\WindowsLive.Client.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\2b9aa0cd9971fff78931f901c901f1e0\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\acfafa161ea232928cb02b01c50acf1c\napsnap.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0abec246c5ca6ec4858bfd3ab84da0ec\napinit.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 467456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d03291209a2244d6d8f5072bd756effc\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\9e50f2fb3c8157aac9508d1484fca9c5\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\855b99be5878283866f6977c6dc556e8\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\bd371ac78fe72393b9453b10e9e99d28\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\98f7f926a9f0ad41a3773a054cc4d3a8\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe
+ 2012-06-13 13:35 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-12 00:38 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 16:29 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-06-13 16:29 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-06-13 16:29 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-06-13 16:29 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-06-13 16:29 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-06-12 21:15 . 2010-05-26 16:41 1868128 c:\windows\SysWOW64\d3dcsx_43.dll
+ 2012-06-12 21:15 . 2010-05-26 16:41 2106216 c:\windows\SysWOW64\D3DCompiler_43.dll
+ 2012-06-13 16:29 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-06-13 16:29 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
+ 2012-06-13 16:29 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
+ 2012-06-13 16:29 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-05-11 15:26 5254568 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-06-13 21:05 5254568 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-12 21:15 . 2010-05-26 16:41 1907552 c:\windows\system32\d3dcsx_43.dll
+ 2012-06-12 21:15 . 2010-05-26 16:41 2526056 c:\windows\system32\D3DCompiler_43.dll
+ 2009-07-14 04:45 . 2012-06-13 21:07 7321160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-04 16:18 7321160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-09-08 15:13 . 2012-06-10 02:16 9547224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-08 15:13 . 2012-06-14 04:41 9547224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-13 13:36 . 2012-03-21 22:30 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2012-05-10 16:35 . 2012-01-04 03:34 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-05-24 14:32 . 2010-11-05 01:56 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-06-13 13:36 . 2012-03-21 22:30 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
- 2012-05-10 16:35 . 2012-01-04 02:51 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-13 13:36 . 2012-03-21 22:32 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-05-24 14:32 . 2010-11-05 01:58 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-13 13:36 . 2012-03-21 22:32 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 03:32 . 2012-05-11 03:32 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-05-30 12:17 . 2012-05-30 12:17 5010432 c:\windows\Installer\a82b85.msp
+ 2012-04-23 03:46 . 2012-04-23 03:46 1187328 c:\windows\Installer\a82b6e.msp
+ 2012-03-15 19:26 . 2012-03-15 19:26 4212736 c:\windows\Installer\a82b62.msp
+ 2010-09-09 00:24 . 2012-06-13 16:37 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-09-09 00:24 . 2012-05-11 03:33 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-09 00:24 . 2012-06-13 16:37 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-06-14 03:01 . 2012-06-14 03:01 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 1602560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\fb9bda76fdb95462be5964d24b3a3694\System.WorkflowServices.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 5922304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\7e21b535d75b72744702755d91df3e04\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 3744768 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\788eeff916be29e97c39ceed908b36c1\System.Workflow.Activities.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 2964992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\1991b901c67dc756a410b4352a0b82d5\System.Web.Mobile.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 1101312 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\a08563ecdd9d8c25776f7697b82441b8\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\4e3d591d1ffa8ce8d8659f6b096a968e\System.Web.Extensions.ni.dll
+ 2012-06-14 03:04 . 2012-06-14 03:04 5618688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\1d5dfd6fd8c797913853b3bb7b58e340\System.Web.DataVisualization.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-06-14 03:02 . 2012-06-14 03:02 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-06-14 03:02 . 2012-06-14 03:02 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\06b302bc4d53d2abace0e35c7c6ac340\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 3821056 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\9857693ea27b34f5c8d00356eddefb9b\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-06-13 16:35 . 2012-06-13 16:35 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\b54a7adba206d3dba187a47557284d51\AspNetMMCExt.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\582c7d14b9ce7ac950f2a432a0809270\AspNetMMCExt.ni.dll
+ 2012-06-13 16:37 . 2012-06-13 16:37 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 1226752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6831f648f5b925f1194f691b0b491662\System.WorkflowServices.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 4476416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\a1705962a6725e5f40066496222d67e7\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\ec819e8a7e4585ffc87ae93d3b0662d8\System.Workflow.Activities.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\98709826ecf4cc93d6b85c8fe2c009b7\System.Web.Mobile.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 3127296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\27b66f127250f2ba37f9bf1d519c6039\System.Web.Extensions.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 4575232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\794ebda123b04ccc874a5624bdced900\System.Web.DataVisualization.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-13 16:36 . 2012-06-13 16:36 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\41acde5834988268e2cdbed499715066\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\545d26502454316492990b42b093e673\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\aa638ba79250284eb4af4adaa4a4117b\System.Workflow.Runtime.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\996dc2af3b9e5c111130935f298908c6\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\178797db84abae2eeaed835bd28ca52c\System.Workflow.Activities.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\a32734087cd0db5607d5744ca63235d7\System.Web.Services.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 21:06 . 2012-06-13 21:06 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll
+ 2012-06-13 21:06 . 2012-06-13 21:06 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll
+ 2012-06-13 21:05 . 2012-06-13 21:05 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6e4e9b07f376d445df1718c0011fa99b\System.Deployment.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\78d5f2d52e06f6ea47b359bf4ceb7b65\SrpUxSnapIn.ni.dll
+ 2012-06-13 21:06 . 2012-06-13 21:06 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll
+ 2012-06-13 21:06 . 2012-06-13 21:06 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\b91c32fab08ba62d8c7681cc596895be\PresentationUI.ni.dll
+ 2012-06-14 03:01 . 2012-06-14 03:01 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\ac1ba76ed19d668ce53a74593f040453\Narrator.ni.exe
+ 2012-06-14 03:00 . 2012-06-14 03:00 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 1960960 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.S#\d63d503c6c266b686c4997e8d5dbbc62\Microsoft.Windows.Smc.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 02:59 . 2012-06-14 02:59 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-14 02:59 . 2012-06-14 02:59 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\2dace3e1a3fbdd679501e1c7c868ac3e\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 02:59 . 2012-06-14 02:59 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe29ec14034fcf7bd83f609ee5327f03\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccb5629a16edaafb40d3bdec51c70451\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\81c0c8525a9f6ff5c97e95a331eba69c\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\369eb9f2556436aadf9bc93610124d3b\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\0f05778da82962003762ac22f0ab4b91\SrpUxSnapIn.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe
+ 2012-06-13 21:59 . 2012-06-13 21:59 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1665536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.S#\8e8cc1ab936f8f0679d783ce8df03ed9\Microsoft.Windows.Smc.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\efbe64bfafaaaec44b5c0e487c0b2c4a\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-13 21:59 . 2012-06-13 21:59 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
+ 2012-06-13 13:36 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-10 16:35 . 2012-01-04 02:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-13 13:36 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-05-24 14:32 . 2010-11-05 01:58 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-13 16:29 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-06-04 16:12 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-13 21:03 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-13 16:29 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
+ 2010-09-07 16:02 . 2012-06-13 16:34 58957832 c:\windows\system32\MRT.exe
+ 2012-06-13 16:29 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
+ 2010-09-07 01:42 . 2012-06-14 13:52 28051856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2723756421-2902712719-1131625151-1001-12288.dat
+ 2012-06-14 03:03 . 2012-06-14 03:03 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\be472c4f636fc5b8fc38476dbfe01358\System.Web.ni.dll
+ 2012-06-14 03:03 . 2012-06-14 03:03 13314048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\2cf901cb93fe6a24b4466094390ec73a\System.Design.ni.dll
+ 2012-06-14 03:02 . 2012-06-14 03:02 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-06-14 03:02 . 2012-06-14 03:02 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-06-13 16:37 . 2012-06-13 16:37 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-06-13 22:00 . 2012-06-13 22:00 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\fdb5565e4c807a8cd79de9f40c0cd644\System.Web.ni.dll
+ 2012-06-13 16:37 . 2012-06-13 16:37 11021824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\ecde3362b4d67a0025c3c9d5b9525f4a\System.Design.ni.dll
+ 2012-06-13 16:37 . 2012-06-13 16:37 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-06-13 16:37 . 2012-06-13 16:37 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-06-13 21:06 . 2012-06-13 21:06 17383424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\dc5bb74eefdbf954cdfb70dd534d5564\System.Windows.Forms.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll
+ 2012-06-13 21:06 . 2012-06-13 21:06 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-06-13 21:05 . 2012-06-13 21:05 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-06-14 03:00 . 2012-06-14 03:00 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-13 21:08 . 2012-06-13 21:08 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-13 21:07 . 2012-06-13 21:07 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-01-18 2787840]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
.
c:\users\Kendall Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\program files\UltraMon\UltraMon.exe [2010-2-14 694272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 AvgMfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-06-06 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &4 - c:\windows\web\AOpenClient.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com\fai.music.metaservices
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kendall Silver\AppData\Roaming\Mozilla\Firefox\Profiles\nxm19n1d.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\1a\0f\08/?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-06-14 08:58:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-14 13:58
ComboFix2.txt 2012-06-12 14:04
.
Pre-Run: 203,957,567,488 bytes free
Post-Run: 203,825,078,272 bytes free
.
- - End Of File - - 0A136A1A2A7F8A94C6730BEAAAC24D7D





Everything seems to be running good... I haven't seen any more redirects or popups. Thank you.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 14 June 2012 - 01:03 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 14 June 2012 - 10:26 PM

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Creative Suite 5 Master Collection
Adobe Reader 9.5.1
Amazon Kindle
AMD USB Filter Driver
AMD VISION Engine Control Center
Astroburn Lite
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Registration
Borderlands
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplay 1.8
Curse Client
D3DX10
DAEMON Tools Lite
DDS Thumbnail Viewer
Diablo II
Diablo III
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Icon Maker
Fallout 3
Free Mp3 Wma Converter V 1.91
Google Update Helper
HydraVision
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
LightScribe Applications
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Adventure
LightScribe Template Designs - Animal Pack 1
LightScribe Template Designs - Architecture Pack 1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Athletic Pack 1
LightScribe Template Designs - Bonus Pack 1
LightScribe Template Designs - Bridal Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Celebration Pack 1
LightScribe Template Designs - Expressions
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Designs - Floral Pack 1
LightScribe Template Designs - Food-n-Family Pack 1
LightScribe Template Designs - Grab Bag Pack 1
LightScribe Template Designs - Hobby Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Kickin It Pack 1
LightScribe Template Designs - Kids Korner Pack 1
LightScribe Template Designs - Life Events Pack 1
LightScribe Template Designs - Memories
LightScribe Template Designs - Music Pack 1
LightScribe Template Designs - Mythology Pack 1
LightScribe Template Designs - Nature Pack 1
LightScribe Template Designs - Pets Pack 1
LightScribe Template Designs - Quick and Simple Pack 1
LightScribe Template Designs - Seasonal Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Straight Text
LightScribe Template Designs - Street Style Pack 1
LightScribe Template Designs - Tattoo Pack 1
LightScribe Template Designs - Tie The Knot
LightScribe Template Designs - Travel Pack 1
LightScribe Template Designs - Tribal Pack 1
LightScribe Template Designs - Urban Pack 1
LightScribe Template Designs - Wedding Pack 1
LightScribe Template Designs - Winter Whimsy
LightScribe Template Designs - With The Band
LightScribe Template Labeler
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobipocket Creator 4.2
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 11.0.1 (x86 en-US)
Mp3tag v2.49
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
Netflix in Windows Media Center
NVIDIA Photoshop Plug-ins
NVIDIA Photoshop Plug-ins 64 bit
NVIDIA PhysX v8.10.29
PDF Settings CS5
PFPortChecker 1.0.39
Platform
Portforward Static IP Address 1.0.45
PSD Codec by Ardfry Imaging, LLC (32 bit)
QuickBooks
QuickBooks Premier: Professional Services Edition 2009
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.8
svBuilder
Synergy
The Lord of the Rings FREE Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2008 x64 Redistributables
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
World of Warcraft
XviD MPEG4 Video Codec (remove only)
Z Engine

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 14 June 2012 - 10:36 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.1
Easy Icon Maker
Java™ 6 Update 29
Vuze
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 15 June 2012 - 03:12 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kendall Silver :: NIGHTBLADE-PC [administrator]

6/15/2012 2:13:48 PM
mbam-log-2012-06-15 (14-13-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210194
Time elapsed: 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:10:04 PM, on 6/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &4 - C:\Windows\web\AOpenClient.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - (no file)
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7799 bytes





Just a question... I have been using Easy Icon Maker for years and have never had a problem with it ... Why is it on the list of programs to remove... and may i reinstall it after all this is done?

Everything is running great.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 15 June 2012 - 09:11 PM

Greetings

Why it is on the list I don't know

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
      O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 16 June 2012 - 12:30 PM

ESET Online Scanner ran and found nothing... it did not generate a log... i ran it twice even and couldn't find a way to get a log.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 AM

Posted 16 June 2012 - 01:16 PM

Hello


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 KendallSilver

KendallSilver
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 17 June 2012 - 11:20 AM

Thank you so much for you help Gringo, my system is running awesomely.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users