
Audio Advertisements/Some redirects


  • This topic is locked
16 replies to this topic

#1 sickomann

Posted 11 June 2012 - 04:25 PM

Hi, I've been redirected from Post

I have a problem where I hear audio adverts playing in the background of this laptop. When I check the sound mixer settings, they show up as "not available", and after running MBAM full scans in normal and safe mode, nothing has shown up. I hope I can get help to resolve this nuisance. Thanks.

Step 7 cannot be completed due to the system being 64x
DDS log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ziggy at 22:19:25 on 2012-06-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2804.1473 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6e3b5a04000000000000c417fe9bc06a
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273602125416l0368z1k5t4821d717
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273602125416l0368z1k5t4821d717
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273602125416l0368z1k5t4821d717
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll
uRun: [Google Update] "C:\Users\Ziggy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Spotify Web Helper] "C:\Users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [LolMatches Client] C:\Program Files (x86)\LolMatches\LolMatches Client.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Ziggy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1C8F1CDB-EDCB-4EE1-A7A3-CD4D34C87741} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1C8F1CDB-EDCB-4EE1-A7A3-CD4D34C87741}\35B4954303737313 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ziggy\AppData\Roaming\Mozilla\Firefox\Profiles\cniyebok.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Ziggy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-5-25 785344]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-2-14 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-7 654408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-3-28 155320]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-14 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257696]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-14 135664]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-7 113120]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\system32\DRIVERS\s0017bus.sys --> C:\Windows\system32\DRIVERS\s0017bus.sys [?]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0017mdfl.sys --> C:\Windows\system32\DRIVERS\s0017mdfl.sys [?]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0017mdm.sys --> C:\Windows\system32\DRIVERS\s0017mdm.sys [?]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0017mgmt.sys --> C:\Windows\system32\DRIVERS\s0017mgmt.sys [?]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\system32\DRIVERS\s0017nd5.sys --> C:\Windows\system32\DRIVERS\s0017nd5.sys [?]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0017obex.sys --> C:\Windows\system32\DRIVERS\s0017obex.sys [?]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\system32\DRIVERS\s0017unic.sys --> C:\Windows\system32\DRIVERS\s0017unic.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-10 14:10:59 388096 ----a-r- C:\Users\Ziggy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-10 14:10:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-09 16:23:21 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-09 16:09:39 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-09 16:03:20 -------- d-----w- C:\Users\Ziggy\AppData\Roaming\ZIP RAR ACE Password Recovery
2012-06-08 13:12:25 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0565339-96D3-4581-BDF6-C28CE1881F40}\mpengine.dll
2012-06-07 09:48:15 -------- d-----w- C:\Users\Ziggy\AppData\Roaming\LolMatches Client
2012-06-07 09:48:15 -------- d-----w- C:\Program Files (x86)\LolMatches
2012-06-04 15:54:00 -------- d-----w- C:\LOLPBE
2012-06-02 09:07:37 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 17:05:37 -------- d-----w- C:\Users\Ziggy\AppData\Roaming\.minecraft
2012-05-26 15:44:20 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-05-26 15:44:18 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-05-25 12:35:42 -------- d-----w- C:\Users\Ziggy\AppData\Local\libimobiledevice
2012-05-24 11:52:07 -------- d-----w- C:\Users\Ziggy\AppData\Roaming\LolClient2
2012-05-21 20:57:19 -------- d-----w- C:\Program Files (x86)\Graboid
2012-05-20 21:00:40 -------- d-----w- C:\ProgramData\DivX
.
==================== Find3M ====================
.
2012-06-09 16:47:26 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 18:13:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 22:20:46.98 ===============


#2 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 06:08 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sickomann

Posted 12 June 2012 - 11:49 AM

Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.1.102.63 Flash Player out of Date!
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````




,ComboFix 12-06-12.01 - Ziggy 12/06/2012 16:25:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2804.1720 [GMT 1:00]
Running from: c:\users\Ziggy\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\lol
c:\program files (x86)\lol\LeagueOfLegends\0x0407.ini
c:\program files (x86)\lol\LeagueOfLegends\0x0409.ini
c:\program files (x86)\lol\LeagueOfLegends\0x040a.ini
c:\program files (x86)\lol\LeagueOfLegends\0x040c.ini
c:\program files (x86)\lol\LeagueOfLegends\data1.cab
c:\program files (x86)\lol\LeagueOfLegends\data1.hdr
c:\program files (x86)\lol\LeagueOfLegends\data2.cab
c:\program files (x86)\lol\LeagueOfLegends\ISSetup.dll
c:\program files (x86)\lol\LeagueOfLegends\layout.bin
c:\program files (x86)\lol\LeagueOfLegends\setup.exe
c:\program files (x86)\lol\LeagueOfLegends\setup.ini
c:\program files (x86)\lol\LeagueOfLegends\setup.inx
c:\program files (x86)\lol\LeagueOfLegends\setup.isn
c:\users\Ziggy\Documents\~WRL0002.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\L\00000004.@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\L\1afb2d56
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\L\201d3dde
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\00000004.@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\00000008.@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\000000cb.@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000000.@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000032.@
c:\windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy4_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 15:34 . 2012-06-12 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 14:10 . 2012-06-10 14:10 388096 ----a-r- c:\users\Ziggy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-10 14:10 . 2012-06-10 14:10 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-09 16:23 . 2012-06-09 16:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-09 16:09 . 2012-06-09 16:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 16:03 . 2012-06-09 16:03 -------- d-----w- c:\users\Ziggy\AppData\Roaming\ZIP RAR ACE Password Recovery
2012-06-08 13:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0565339-96D3-4581-BDF6-C28CE1881F40}\mpengine.dll
2012-06-07 09:48 . 2012-06-07 10:53 -------- d-----w- c:\users\Ziggy\AppData\Roaming\LolMatches Client
2012-06-07 09:48 . 2012-06-07 09:48 -------- d-----w- c:\program files (x86)\LolMatches
2012-06-07 01:32 . 2012-06-07 01:32 -------- d-----w- c:\users\Ziggy\AppData\Local\Mozilla
2012-06-07 01:32 . 2012-06-07 01:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-04 15:54 . 2012-06-05 14:49 -------- d-----w- C:\LOLPBE
2012-06-02 09:07 . 2012-06-02 09:07 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 17:05 . 2012-05-31 17:10 -------- d-----w- c:\users\Ziggy\AppData\Roaming\.minecraft
2012-05-26 15:44 . 2012-05-26 15:44 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-26 15:44 . 2012-05-26 15:44 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-25 12:35 . 2012-05-25 12:35 -------- d-----w- c:\users\Ziggy\AppData\Local\libimobiledevice
2012-05-24 11:52 . 2012-05-24 11:52 -------- d-----w- c:\users\Ziggy\AppData\Roaming\LolClient2
2012-05-21 20:57 . 2012-05-21 21:00 -------- d-----w- c:\program files (x86)\Graboid
2012-05-20 21:00 . 2012-05-20 21:00 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 16:47 . 2012-03-24 02:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2012-02-19 14:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 05:34 . 2012-05-09 13:37 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-09 13:37 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-09 13:37 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01 . 2012-05-09 13:37 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-09 13:37 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-23 09:47 . 2012-03-23 09:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-23 09:47 . 2012-03-23 09:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-23 09:47 . 2012-03-23 09:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-23 09:47 . 2012-03-23 09:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-23 09:47 . 2012-03-23 09:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-23 09:47 . 2012-03-23 09:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-23 09:47 . 2012-03-23 09:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-23 09:47 . 2012-03-23 09:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-23 09:47 . 2012-03-23 09:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-23 09:47 . 2012-03-23 09:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-23 09:47 . 2012-03-23 09:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-23 09:47 . 2012-03-23 09:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-23 09:47 . 2012-03-23 09:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-23 09:47 . 2012-03-23 09:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-23 09:47 . 2012-03-23 09:47 448512 ----a-w- c:\windows\system32\html.iec
2012-03-23 09:47 . 2012-03-23 09:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-23 09:47 . 2012-03-23 09:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-23 09:47 . 2012-03-23 09:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-23 09:47 . 2012-03-23 09:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-23 09:47 . 2012-03-23 09:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-23 09:47 . 2012-03-23 09:47 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-23 09:47 . 2012-03-23 09:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-23 09:47 . 2012-03-23 09:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-23 09:47 . 2012-03-23 09:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-23 09:47 . 2012-03-23 09:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-23 09:47 . 2012-03-23 09:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-23 09:47 . 2012-03-23 09:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-23 09:47 . 2012-03-23 09:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-23 09:47 . 2012-03-23 09:47 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-23 09:47 . 2012-03-23 09:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-23 09:47 . 2012-03-23 09:47 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-23 09:47 . 2012-03-23 09:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-23 09:47 . 2012-03-23 09:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-23 09:47 . 2012-03-23 09:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-21 18:13 . 2012-02-14 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 07:55 . 2012-05-09 13:37 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
"Spotify Web Helper"="c:\users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-07 932528]
"LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-05-30 1178624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-05-25 992648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257696]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-25 785344]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 16:47]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 12:48]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 12:48]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566133550-189038809-3792320589-1000Core.job
- c:\users\Ziggy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 12:38]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566133550-189038809-3792320589-1000UA.job
- c:\users\Ziggy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 12:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-02-14 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6e3b5a04000000000000c417fe9bc06a
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273602125416l0368z1k5t4821d717
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ziggy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Ziggy\AppData\Roaming\Mozilla\Firefox\Profiles\cniyebok.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Completion time: 2012-06-12 16:42:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 15:42
.
Pre-Run: 112,938,676,224 bytes free
Post-Run: 115,768,233,984 bytes free
.
- - End Of File - - 2164D7FB28E1DE6CCDBCD3080A057C09



I'm not sure if it's ended, as the redirecting was very random and didn't happen often, and the audio played when it wanted; there was no program I'd open to start it.

#4 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 11:56 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 sickomann

  • Topic Starter


Posted 12 June 2012 - 04:12 PM

21:40:33.0526 4524 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:40:34.0006 4524 ============================================================
21:40:34.0006 4524 Current date / time: 2012/06/12 21:40:34.0006
21:40:34.0006 4524 SystemInfo:
21:40:34.0006 4524
21:40:34.0006 4524 OS Version: 6.1.7600 ServicePack: 0.0
21:40:34.0006 4524 Product type: Workstation
21:40:34.0006 4524 ComputerName: ZIGGY-PC
21:40:34.0006 4524 UserName: Ziggy
21:40:34.0006 4524 Windows directory: C:\Windows
21:40:34.0006 4524 System windows directory: C:\Windows
21:40:34.0006 4524 Running under WOW64
21:40:34.0006 4524 Processor architecture: Intel x64
21:40:34.0006 4524 Number of processors: 4
21:40:34.0006 4524 Page size: 0x1000
21:40:34.0006 4524 Boot type: Normal boot
21:40:34.0006 4524 ============================================================
21:40:40.0317 4524 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:40:40.0338 4524 ============================================================
21:40:40.0338 4524 \Device\Harddisk0\DR0:
21:40:40.0338 4524 MBR partitions:
21:40:40.0338 4524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
21:40:40.0338 4524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x1B82E970
21:40:40.0338 4524 ============================================================
21:40:40.0358 4524 C: <-> \Device\Harddisk0\DR0\Partition1
21:40:40.0718 4524 ============================================================
21:40:40.0718 4524 Initialize success
21:40:40.0718 4524 ============================================================
21:40:54.0759 2560 ============================================================
21:40:54.0759 2560 Scan started
21:40:54.0759 2560 Mode: Manual;
21:40:54.0759 2560 ============================================================
21:41:05.0251 2560 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:41:05.0351 2560 1394ohci - ok
21:41:06.0791 2560 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:41:06.0901 2560 ACPI - ok
21:41:07.0441 2560 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:41:07.0441 2560 AcpiPmi - ok
21:41:08.0791 2560 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:41:08.0801 2560 AdobeFlashPlayerUpdateSvc - ok
21:41:09.0251 2560 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:41:09.0281 2560 adp94xx - ok
21:41:10.0042 2560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:41:10.0152 2560 adpahci - ok
21:41:10.0992 2560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:41:11.0002 2560 adpu320 - ok
21:41:11.0102 2560 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:41:11.0102 2560 AeLookupSvc - ok
21:41:11.0292 2560 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:41:11.0312 2560 AFD - ok
21:41:11.0623 2560 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
21:41:11.0653 2560 AgereModemAudio - ok
21:41:13.0063 2560 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
21:41:13.0123 2560 AgereSoftModem - ok
21:41:13.0463 2560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:41:13.0583 2560 agp440 - ok
21:41:14.0163 2560 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:41:14.0173 2560 ALG - ok
21:41:14.0343 2560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:41:14.0413 2560 aliide - ok
21:41:14.0563 2560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:41:14.0603 2560 amdide - ok
21:41:14.0883 2560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:41:14.0923 2560 AmdK8 - ok
21:41:14.0943 2560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:41:14.0973 2560 AmdPPM - ok
21:41:15.0083 2560 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:41:15.0113 2560 amdsata - ok
21:41:15.0293 2560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:41:15.0323 2560 amdsbs - ok
21:41:15.0423 2560 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:41:15.0423 2560 amdxata - ok
21:41:15.0534 2560 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
21:41:15.0534 2560 AmUStor - ok
21:41:15.0674 2560 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:41:15.0674 2560 AppID - ok
21:41:15.0774 2560 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:41:15.0774 2560 AppIDSvc - ok
21:41:15.0864 2560 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:41:15.0864 2560 Appinfo - ok
21:41:16.0104 2560 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:41:16.0124 2560 Apple Mobile Device - ok
21:41:16.0994 2560 Application Updater (ba916091087e6be21d3c30eec71ed338) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
21:41:17.0034 2560 Application Updater - ok
21:41:17.0144 2560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:41:17.0164 2560 arc - ok
21:41:17.0264 2560 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:41:17.0314 2560 arcsas - ok
21:41:17.0725 2560 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:41:17.0725 2560 aspnet_state - ok
21:41:17.0805 2560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:41:17.0835 2560 AsyncMac - ok
21:41:17.0925 2560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:41:17.0985 2560 atapi - ok
21:41:18.0515 2560 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
21:41:18.0605 2560 athr - ok
21:41:19.0475 2560 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:41:19.0515 2560 AudioEndpointBuilder - ok
21:41:19.0535 2560 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:41:19.0535 2560 AudioSrv - ok
21:41:19.0695 2560 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:41:19.0705 2560 AxInstSV - ok
21:41:20.0165 2560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:41:20.0205 2560 b06bdrv - ok
21:41:20.0546 2560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:41:20.0606 2560 b57nd60a - ok
21:41:25.0578 2560 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:41:25.0618 2560 BCM43XX - ok
21:41:25.0728 2560 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:41:25.0748 2560 BDESVC - ok
21:41:25.0948 2560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:41:25.0958 2560 Beep - ok
21:41:26.0308 2560 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:41:26.0348 2560 BFE - ok
21:41:27.0348 2560 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:41:27.0559 2560 BITS - ok
21:41:27.0779 2560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:41:27.0789 2560 blbdrive - ok
21:41:28.0159 2560 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:41:28.0169 2560 Bonjour Service - ok
21:41:28.0319 2560 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:41:28.0319 2560 bowser - ok
21:41:28.0429 2560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:41:28.0429 2560 BrFiltLo - ok
21:41:28.0499 2560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:41:28.0499 2560 BrFiltUp - ok
21:41:28.0609 2560 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:41:28.0609 2560 BridgeMP - ok
21:41:28.0749 2560 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:41:28.0749 2560 Browser - ok
21:41:28.0879 2560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:41:28.0879 2560 Brserid - ok
21:41:29.0009 2560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:41:29.0009 2560 BrSerWdm - ok
21:41:29.0119 2560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:41:29.0119 2560 BrUsbMdm - ok
21:41:29.0179 2560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:41:29.0179 2560 BrUsbSer - ok
21:41:29.0229 2560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:41:29.0229 2560 BTHMODEM - ok
21:41:29.0339 2560 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:41:29.0359 2560 bthserv - ok
21:41:29.0419 2560 catchme - ok
21:41:29.0479 2560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:41:29.0479 2560 cdfs - ok
21:41:29.0559 2560 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:41:29.0559 2560 cdrom - ok
21:41:29.0729 2560 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:41:29.0739 2560 CertPropSvc - ok
21:41:29.0819 2560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:41:29.0829 2560 circlass - ok
21:41:29.0909 2560 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:41:29.0929 2560 CLFS - ok
21:41:30.0139 2560 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:41:30.0139 2560 clr_optimization_v2.0.50727_32 - ok
21:41:30.0669 2560 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:41:30.0689 2560 clr_optimization_v2.0.50727_64 - ok
21:41:30.0949 2560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:41:31.0059 2560 clr_optimization_v4.0.30319_32 - ok
21:41:31.0499 2560 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:41:31.0529 2560 clr_optimization_v4.0.30319_64 - ok
21:41:31.0690 2560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:41:31.0690 2560 CmBatt - ok
21:41:31.0760 2560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:41:31.0770 2560 cmdide - ok
21:41:32.0180 2560 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:41:32.0210 2560 CNG - ok
21:41:32.0400 2560 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:41:32.0400 2560 Compbatt - ok
21:41:32.0510 2560 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:41:32.0510 2560 CompositeBus - ok
21:41:32.0530 2560 COMSysApp - ok
21:41:32.0590 2560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:41:32.0590 2560 crcdisk - ok
21:41:32.0790 2560 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:41:32.0790 2560 CryptSvc - ok
21:41:32.0940 2560 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:41:32.0950 2560 DcomLaunch - ok
21:41:33.0100 2560 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:41:33.0110 2560 defragsvc - ok
21:41:33.0210 2560 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:41:33.0220 2560 DfsC - ok
21:41:33.0720 2560 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:41:33.0730 2560 Dhcp - ok
21:41:34.0010 2560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:41:34.0060 2560 discache - ok
21:41:34.0150 2560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:41:34.0150 2560 Disk - ok
21:41:34.0740 2560 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
21:41:34.0740 2560 DKbFltr - ok
21:41:34.0870 2560 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:41:34.0880 2560 Dnscache - ok
21:41:35.0000 2560 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:41:35.0010 2560 dot3svc - ok
21:41:35.0540 2560 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:41:35.0540 2560 DPS - ok
21:41:35.0651 2560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:41:35.0651 2560 drmkaud - ok
21:41:35.0861 2560 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:41:35.0871 2560 dtsoftbus01 - ok
21:41:36.0021 2560 dump_wmimmc - ok
21:41:36.0401 2560 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:41:36.0441 2560 DXGKrnl - ok
21:41:36.0581 2560 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:41:36.0611 2560 EapHost - ok
21:41:39.0021 2560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:41:39.0111 2560 ebdrv - ok
21:41:39.0491 2560 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:41:39.0491 2560 EFS - ok
21:41:39.0811 2560 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:41:39.0901 2560 ehRecvr - ok
21:41:39.0981 2560 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:41:39.0981 2560 ehSched - ok
21:41:40.0211 2560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:41:40.0271 2560 elxstor - ok
21:41:40.0972 2560 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:41:41.0022 2560 ePowerSvc - ok
21:41:41.0482 2560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:41:41.0482 2560 ErrDev - ok
21:41:41.0853 2560 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:41:41.0863 2560 EventSystem - ok
21:41:41.0923 2560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:41:41.0933 2560 exfat - ok
21:41:41.0983 2560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:41:41.0983 2560 fastfat - ok
21:41:42.0373 2560 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:41:42.0383 2560 Fax - ok
21:41:42.0533 2560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:41:42.0543 2560 fdc - ok
21:41:42.0593 2560 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:41:42.0593 2560 fdPHost - ok
21:41:42.0624 2560 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:41:42.0624 2560 FDResPub - ok
21:41:42.0664 2560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:41:42.0664 2560 FileInfo - ok
21:41:42.0734 2560 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:41:42.0744 2560 Filetrace - ok
21:41:42.0794 2560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:41:42.0794 2560 flpydisk - ok
21:41:42.0904 2560 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:41:42.0914 2560 FltMgr - ok
21:41:43.0834 2560 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
21:41:43.0884 2560 FontCache - ok
21:41:44.0074 2560 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:41:44.0074 2560 FontCache3.0.0.0 - ok
21:41:44.0254 2560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:41:44.0254 2560 FsDepends - ok
21:41:44.0324 2560 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
21:41:44.0324 2560 Fs_Rec - ok
21:41:44.0494 2560 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:41:44.0494 2560 fvevol - ok
21:41:44.0604 2560 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:41:44.0604 2560 gagp30kx - ok
21:41:44.0715 2560 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:41:44.0715 2560 GEARAspiWDM - ok
21:41:44.0905 2560 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:41:44.0915 2560 gpsvc - ok
21:41:45.0845 2560 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
21:41:45.0905 2560 Greg_Service - ok
21:41:46.0460 2560 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:41:46.0462 2560 gupdate - ok
21:41:46.0493 2560 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:41:46.0495 2560 gupdatem - ok
21:41:46.0671 2560 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:41:46.0671 2560 gusvc - ok
21:41:47.0483 2560 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
21:41:47.0483 2560 hamachi - ok
21:41:48.0403 2560 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:41:48.0553 2560 Hamachi2Svc - ok
21:41:48.0864 2560 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:41:48.0864 2560 hcw85cir - ok
21:41:49.0224 2560 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:41:49.0244 2560 HdAudAddService - ok
21:41:49.0384 2560 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:41:49.0394 2560 HDAudBus - ok
21:41:49.0564 2560 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:41:49.0564 2560 HECIx64 - ok
21:41:49.0624 2560 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:41:49.0624 2560 HidBatt - ok
21:41:49.0654 2560 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:41:49.0654 2560 HidBth - ok
21:41:49.0664 2560 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:41:49.0664 2560 HidIr - ok
21:41:49.0754 2560 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:41:49.0764 2560 hidserv - ok
21:41:49.0914 2560 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:41:49.0914 2560 HidUsb - ok
21:41:50.0054 2560 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:41:50.0074 2560 hkmsvc - ok
21:41:50.0234 2560 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:41:50.0254 2560 HomeGroupListener - ok
21:41:50.0334 2560 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:41:50.0334 2560 HomeGroupProvider - ok
21:41:50.0554 2560 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:41:50.0554 2560 HpSAMD - ok
21:41:50.0805 2560 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:41:50.0855 2560 HTTP - ok
21:41:51.0045 2560 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:41:51.0065 2560 hwpolicy - ok
21:41:51.0695 2560 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:41:51.0695 2560 i8042prt - ok
21:41:52.0895 2560 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:41:52.0935 2560 IAANTMON - ok
21:41:53.0855 2560 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:41:53.0855 2560 iaStor - ok
21:41:54.0315 2560 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:41:54.0335 2560 iaStorV - ok
21:41:55.0316 2560 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:41:55.0426 2560 idsvc - ok
21:42:00.0172 2560 igfx (31d1aff484d8a0906cf8d44251ec390f) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:42:00.0672 2560 igfx - ok
21:42:01.0453 2560 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:42:01.0453 2560 iirsp - ok
21:42:01.0803 2560 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:42:01.0893 2560 IKEEXT - ok
21:42:02.0063 2560 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:42:02.0063 2560 Impcd - ok
21:42:02.0973 2560 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
21:42:03.0023 2560 IntcAzAudAddService - ok
21:42:03.0263 2560 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:42:03.0263 2560 IntcDAud - ok
21:42:03.0393 2560 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:42:03.0393 2560 intelide - ok
21:42:03.0423 2560 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:42:03.0423 2560 intelppm - ok
21:42:03.0443 2560 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:42:03.0453 2560 IPBusEnum - ok
21:42:03.0493 2560 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:42:03.0493 2560 IpFilterDriver - ok
21:42:04.0255 2560 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:42:04.0285 2560 iphlpsvc - ok
21:42:04.0335 2560 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:42:04.0335 2560 IPMIDRV - ok
21:42:04.0385 2560 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:42:04.0385 2560 IPNAT - ok
21:42:06.0125 2560 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:42:06.0165 2560 iPod Service - ok
21:42:06.0265 2560 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:42:06.0265 2560 IRENUM - ok
21:42:06.0335 2560 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:42:06.0365 2560 isapnp - ok
21:42:07.0116 2560 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:42:07.0136 2560 iScsiPrt - ok
21:42:07.0796 2560 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:42:07.0826 2560 k57nd60a - ok
21:42:08.0096 2560 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:42:08.0096 2560 kbdclass - ok
21:42:08.0286 2560 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:42:08.0366 2560 kbdhid - ok
21:42:08.0596 2560 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:42:08.0596 2560 KeyIso - ok
21:42:09.0186 2560 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:42:09.0226 2560 KSecDD - ok
21:42:09.0606 2560 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:42:09.0666 2560 KSecPkg - ok
21:42:09.0796 2560 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:42:09.0796 2560 ksthunk - ok
21:42:10.0106 2560 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:42:10.0216 2560 KtmRm - ok
21:42:10.0256 2560 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
21:42:10.0266 2560 L1E - ok
21:42:10.0346 2560 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:42:10.0396 2560 LanmanServer - ok
21:42:11.0136 2560 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:42:11.0136 2560 LanmanWorkstation - ok
21:42:11.0206 2560 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:42:11.0206 2560 lltdio - ok
21:42:11.0276 2560 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:42:11.0276 2560 lltdsvc - ok
21:42:11.0296 2560 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:42:11.0306 2560 lmhosts - ok
21:42:11.0716 2560 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:42:11.0736 2560 LMS - ok
21:42:11.0877 2560 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:42:11.0887 2560 LSI_FC - ok
21:42:11.0897 2560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:42:11.0897 2560 LSI_SAS - ok
21:42:11.0927 2560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:42:11.0927 2560 LSI_SAS2 - ok
21:42:12.0047 2560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:42:12.0057 2560 LSI_SCSI - ok
21:42:12.0147 2560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:42:12.0147 2560 luafv - ok
21:42:12.0227 2560 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:42:12.0247 2560 MBAMProtector - ok
21:42:12.0917 2560 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:42:12.0957 2560 MBAMService - ok
21:42:13.0007 2560 McAfee SiteAdvisor Service - ok
21:42:13.0047 2560 McShield - ok
21:42:13.0047 2560 McSysmon - ok
21:42:13.0087 2560 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:42:13.0087 2560 Mcx2Svc - ok
21:42:13.0117 2560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:42:13.0117 2560 megasas - ok
21:42:13.0157 2560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:42:13.0157 2560 MegaSR - ok
21:42:13.0237 2560 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:42:13.0237 2560 Microsoft Office Groove Audit Service - ok
21:42:13.0287 2560 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:42:13.0287 2560 MMCSS - ok
21:42:13.0357 2560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:42:13.0357 2560 Modem - ok
21:42:13.0377 2560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:42:13.0377 2560 monitor - ok
21:42:13.0417 2560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:42:13.0417 2560 mouclass - ok
21:42:13.0477 2560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:42:13.0477 2560 mouhid - ok
21:42:13.0507 2560 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:42:13.0517 2560 mountmgr - ok
21:42:13.0707 2560 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:42:13.0707 2560 MozillaMaintenance - ok
21:42:13.0847 2560 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:42:13.0847 2560 mpio - ok
21:42:13.0947 2560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:42:13.0967 2560 mpsdrv - ok
21:42:15.0507 2560 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:42:15.0567 2560 MpsSvc - ok
21:42:15.0707 2560 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:42:15.0717 2560 MRxDAV - ok
21:42:15.0787 2560 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:42:15.0797 2560 mrxsmb - ok
21:42:15.0847 2560 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:42:15.0847 2560 mrxsmb10 - ok
21:42:15.0917 2560 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:42:15.0927 2560 mrxsmb20 - ok
21:42:15.0987 2560 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:42:15.0997 2560 msahci - ok
21:42:16.0087 2560 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:42:16.0107 2560 msdsm - ok
21:42:16.0527 2560 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:42:16.0547 2560 MSDTC - ok
21:42:16.0848 2560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:42:16.0858 2560 Msfs - ok
21:42:16.0918 2560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:42:16.0918 2560 mshidkmdf - ok
21:42:16.0978 2560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:42:16.0978 2560 msisadrv - ok
21:42:17.0128 2560 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:42:17.0128 2560 MSiSCSI - ok
21:42:17.0138 2560 msiserver - ok
21:42:17.0188 2560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:42:17.0188 2560 MSKSSRV - ok
21:42:17.0208 2560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:42:17.0208 2560 MSPCLOCK - ok
21:42:17.0258 2560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:42:17.0278 2560 MSPQM - ok
21:42:17.0308 2560 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:42:17.0308 2560 MsRPC - ok
21:42:17.0338 2560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:42:17.0338 2560 mssmbios - ok
21:42:17.0338 2560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:42:17.0338 2560 MSTEE - ok
21:42:17.0368 2560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:42:17.0368 2560 MTConfig - ok
21:42:17.0458 2560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:42:17.0458 2560 Mup - ok
21:42:17.0508 2560 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:42:17.0508 2560 mwlPSDFilter - ok
21:42:17.0538 2560 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:42:17.0538 2560 mwlPSDNServ - ok
21:42:17.0558 2560 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:42:17.0558 2560 mwlPSDVDisk - ok
21:42:17.0708 2560 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
21:42:17.0708 2560 MWLService - ok
21:42:18.0178 2560 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:42:18.0218 2560 napagent - ok
21:42:18.0278 2560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:42:18.0288 2560 NativeWifiP - ok
21:42:18.0948 2560 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:42:19.0008 2560 NDIS - ok
21:42:19.0168 2560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:42:19.0168 2560 NdisCap - ok
21:42:19.0188 2560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:42:19.0188 2560 NdisTapi - ok
21:42:19.0218 2560 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:42:19.0218 2560 Ndisuio - ok
21:42:19.0258 2560 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:42:19.0258 2560 NdisWan - ok
21:42:19.0288 2560 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:42:19.0298 2560 NDProxy - ok
21:42:19.0328 2560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:42:19.0328 2560 NetBIOS - ok
21:42:19.0348 2560 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:42:19.0348 2560 NetBT - ok
21:42:19.0378 2560 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:42:19.0378 2560 Netlogon - ok
21:42:19.0448 2560 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:42:19.0468 2560 Netman - ok
21:42:19.0608 2560 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:42:19.0618 2560 NetMsmqActivator - ok
21:42:19.0628 2560 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:42:19.0638 2560 NetPipeActivator - ok
21:42:19.0778 2560 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:42:19.0778 2560 netprofm - ok
21:42:19.0788 2560 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:42:19.0788 2560 NetTcpActivator - ok
21:42:19.0798 2560 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:42:19.0798 2560 NetTcpPortSharing - ok
21:42:20.0278 2560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:42:20.0278 2560 nfrd960 - ok
21:42:20.0338 2560 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:42:20.0338 2560 NlaSvc - ok
21:42:20.0478 2560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:42:20.0478 2560 Npfs - ok
21:42:20.0478 2560 npggsvc - ok
21:42:20.0488 2560 NPPTNT2 - ok
21:42:20.0538 2560 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:42:20.0548 2560 nsi - ok
21:42:20.0618 2560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:42:20.0618 2560 nsiproxy - ok
21:42:21.0099 2560 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:42:21.0159 2560 Ntfs - ok
21:42:21.0329 2560 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:42:21.0329 2560 NTI IScheduleSvc - ok
21:42:21.0479 2560 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:42:21.0479 2560 NTIBackupSvc - ok
21:42:22.0380 2560 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:42:22.0400 2560 NTIDrvr - ok
21:42:22.0470 2560 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:42:22.0500 2560 NTISchedulerSvc - ok
21:42:22.0560 2560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:42:22.0570 2560 Null - ok
21:42:22.0600 2560 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:42:22.0600 2560 nvraid - ok
21:42:22.0630 2560 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:42:22.0630 2560 nvstor - ok
21:42:22.0750 2560 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:42:22.0770 2560 nv_agp - ok
21:42:23.0660 2560 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:42:23.0770 2560 odserv - ok
21:42:23.0871 2560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:42:23.0871 2560 ohci1394 - ok
21:42:23.0961 2560 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:42:23.0961 2560 ose - ok
21:42:24.0271 2560 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:42:24.0321 2560 p2pimsvc - ok
21:42:24.0571 2560 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:42:24.0581 2560 p2psvc - ok
21:42:24.0651 2560 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:42:24.0661 2560 Parport - ok
21:42:24.0911 2560 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
21:42:24.0911 2560 partmgr - ok
21:42:25.0021 2560 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:42:25.0041 2560 PcaSvc - ok
21:42:25.0091 2560 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:42:25.0091 2560 pci - ok
21:42:25.0161 2560 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:42:25.0181 2560 pciide - ok
21:42:25.0231 2560 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:42:25.0241 2560 pcmcia - ok
21:42:25.0421 2560 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:42:25.0431 2560 pcw - ok
21:42:25.0641 2560 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:42:25.0651 2560 PEAUTH - ok
21:42:25.0791 2560 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:42:25.0791 2560 PerfHost - ok
21:42:26.0711 2560 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:42:26.0761 2560 pla - ok
21:42:28.0122 2560 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:42:28.0172 2560 PlugPlay - ok
21:42:28.0332 2560 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:42:28.0342 2560 PNRPAutoReg - ok
21:42:28.0412 2560 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:42:28.0412 2560 PNRPsvc - ok
21:42:28.0482 2560 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:42:28.0522 2560 PolicyAgent - ok
21:42:29.0102 2560 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:42:29.0132 2560 Power - ok
21:42:29.0232 2560 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:42:29.0232 2560 PptpMiniport - ok
21:42:29.0412 2560 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:42:29.0412 2560 Processor - ok
21:42:29.0732 2560 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:42:29.0732 2560 ProfSvc - ok
21:42:29.0772 2560 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:42:29.0772 2560 ProtectedStorage - ok
21:42:29.0812 2560 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:42:29.0822 2560 Psched - ok
21:42:30.0372 2560 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:42:30.0472 2560 ql2300 - ok
21:42:30.0782 2560 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:42:30.0782 2560 ql40xx - ok
21:42:30.0862 2560 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:42:30.0872 2560 QWAVE - ok
21:42:30.0892 2560 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:42:30.0902 2560 QWAVEdrv - ok
21:42:30.0922 2560 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:42:30.0922 2560 RasAcd - ok
21:42:30.0962 2560 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:42:30.0962 2560 RasAgileVpn - ok
21:42:31.0012 2560 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:42:31.0022 2560 RasAuto - ok
21:42:31.0362 2560 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:42:31.0382 2560 Rasl2tp - ok
21:42:31.0412 2560 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:42:31.0442 2560 RasMan - ok
21:42:31.0492 2560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:42:31.0492 2560 RasPppoe - ok
21:42:31.0742 2560 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:42:31.0772 2560 RasSstp - ok
21:42:32.0272 2560 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:42:32.0302 2560 rdbss - ok
21:42:32.0352 2560 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:42:32.0352 2560 rdpbus - ok
21:42:32.0372 2560 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:42:32.0372 2560 RDPCDD - ok
21:42:32.0402 2560 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:42:32.0402 2560 RDPENCDD - ok
21:42:32.0422 2560 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:42:32.0422 2560 RDPREFMP - ok
21:42:32.0492 2560 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
21:42:32.0492 2560 RDPWD - ok
21:42:32.0632 2560 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:42:32.0632 2560 rdyboost - ok
21:42:32.0672 2560 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:42:32.0682 2560 RemoteAccess - ok
21:42:33.0323 2560 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:42:33.0323 2560 RemoteRegistry - ok
21:42:33.0533 2560 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:42:33.0553 2560 RpcEptMapper - ok
21:42:33.0613 2560 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:42:33.0623 2560 RpcLocator - ok
21:42:33.0773 2560 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:42:33.0773 2560 RpcSs - ok
21:42:33.0833 2560 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:42:33.0833 2560 rspndr - ok
21:42:33.0873 2560 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys
21:42:33.0883 2560 s0017bus - ok
21:42:33.0983 2560 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys
21:42:34.0013 2560 s0017mdfl - ok
21:42:34.0033 2560 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys
21:42:34.0043 2560 s0017mdm - ok
21:42:34.0093 2560 s0017mgmt (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys
21:42:34.0103 2560 s0017mgmt - ok
21:42:34.0173 2560 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys
21:42:34.0173 2560 s0017nd5 - ok
21:42:34.0473 2560 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys
21:42:34.0513 2560 s0017obex - ok
21:42:34.0543 2560 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys
21:42:34.0543 2560 s0017unic - ok
21:42:34.0623 2560 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:42:34.0623 2560 SamSs - ok
21:42:34.0953 2560 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:42:34.0963 2560 sbp2port - ok
21:42:35.0043 2560 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:42:35.0043 2560 SCardSvr - ok
21:42:35.0103 2560 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:42:35.0103 2560 scfilter - ok
21:42:35.0833 2560 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:42:35.0893 2560 Schedule - ok
21:42:36.0033 2560 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:42:36.0033 2560 SCPolicySvc - ok
21:42:36.0133 2560 ScreamBAudioSvc (ef0c4a3bd1749684514ee871a355969e) C:\Windows\system32\drivers\ScreamingBAudio64.sys
21:42:36.0153 2560 ScreamBAudioSvc - ok
21:42:36.0213 2560 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:42:36.0213 2560 SDRSVC - ok
21:42:36.0253 2560 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:42:36.0253 2560 secdrv - ok
21:42:36.0393 2560 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:42:36.0423 2560 seclogon - ok
21:42:36.0443 2560 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:42:36.0443 2560 SENS - ok
21:42:36.0483 2560 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:42:36.0493 2560 SensrSvc - ok
21:42:36.0533 2560 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:42:36.0533 2560 Serenum - ok
21:42:36.0563 2560 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:42:36.0563 2560 Serial - ok
21:42:36.0593 2560 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:42:36.0593 2560 sermouse - ok
21:42:36.0913 2560 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:42:36.0923 2560 SessionEnv - ok
21:42:36.0993 2560 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:42:36.0993 2560 sffdisk - ok
21:42:37.0023 2560 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:42:37.0023 2560 sffp_mmc - ok
21:42:37.0043 2560 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:42:37.0043 2560 sffp_sd - ok
21:42:37.0053 2560 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:42:37.0053 2560 sfloppy - ok
21:42:37.0103 2560 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:42:37.0113 2560 SharedAccess - ok
21:42:37.0293 2560 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:42:37.0303 2560 ShellHWDetection - ok
21:42:37.0333 2560 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:42:37.0333 2560 SiSRaid2 - ok
21:42:37.0363 2560 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:42:37.0373 2560 SiSRaid4 - ok
21:42:38.0074 2560 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:42:38.0074 2560 SkypeUpdate - ok
21:42:38.0304 2560 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:42:38.0304 2560 Smb - ok
21:42:38.0384 2560 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:42:38.0384 2560 SNMPTRAP - ok
21:42:38.0474 2560 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:42:38.0474 2560 Sony PC Companion - ok
21:42:38.0574 2560 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:42:38.0574 2560 spldr - ok
21:42:38.0614 2560 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:42:38.0624 2560 Spooler - ok
21:42:39.0784 2560 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:42:39.0854 2560 sppsvc - ok
21:42:40.0424 2560 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:42:40.0424 2560 sppuinotify - ok
21:42:41.0004 2560 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:42:41.0014 2560 srv - ok
21:42:41.0674 2560 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:42:41.0674 2560 srv2 - ok
21:42:41.0774 2560 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:42:41.0774 2560 srvnet - ok
21:42:42.0204 2560 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:42:42.0214 2560 SSDPSRV - ok
21:42:42.0244 2560 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:42:42.0244 2560 SstpSvc - ok
21:42:42.0314 2560 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:42:42.0314 2560 stexstor - ok
21:42:42.0464 2560 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:42:42.0464 2560 stisvc - ok
21:42:42.0634 2560 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:42:42.0654 2560 swenum - ok
21:42:42.0724 2560 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:42:42.0734 2560 swprv - ok
21:42:42.0794 2560 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
21:42:42.0804 2560 SynTP - ok
21:42:44.0825 2560 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:42:44.0905 2560 SysMain - ok
21:42:47.0136 2560 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:42:47.0146 2560 TabletInputService - ok
21:42:47.0496 2560 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:42:47.0556 2560 TapiSrv - ok
21:42:47.0936 2560 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:42:47.0966 2560 TBS - ok
21:42:49.0406 2560 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
21:42:49.0476 2560 Tcpip - ok
21:42:51.0577 2560 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
21:42:51.0587 2560 TCPIP6 - ok
21:42:52.0087 2560 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:42:52.0087 2560 tcpipreg - ok
21:42:52.0117 2560 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:42:52.0117 2560 TDPIPE - ok
21:42:52.0157 2560 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:42:52.0157 2560 TDTCP - ok
21:42:52.0177 2560 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:42:52.0187 2560 tdx - ok
21:42:52.0337 2560 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:42:52.0337 2560 TermDD - ok
21:42:52.0607 2560 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:42:52.0917 2560 TermService - ok
21:42:52.0987 2560 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:42:52.0997 2560 Themes - ok
21:42:53.0027 2560 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:42:53.0027 2560 THREADORDER - ok
21:42:53.0257 2560 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:42:53.0277 2560 TrkWks - ok
21:42:53.0717 2560 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:42:53.0717 2560 TrustedInstaller - ok
21:42:53.0817 2560 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:42:53.0837 2560 tssecsrv - ok
21:42:53.0907 2560 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:42:53.0907 2560 tunnel - ok
21:42:54.0037 2560 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:42:54.0037 2560 uagp35 - ok
21:42:54.0137 2560 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:42:54.0147 2560 UBHelper - ok
21:42:54.0217 2560 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:42:54.0227 2560 udfs - ok
21:42:54.0357 2560 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:42:54.0367 2560 UI0Detect - ok
21:42:54.0407 2560 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:42:54.0407 2560 uliagpkx - ok
21:42:54.0747 2560 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:42:54.0747 2560 umbus - ok
21:42:54.0787 2560 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:42:54.0787 2560 UmPass - ok
21:42:56.0438 2560 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:42:56.0598 2560 UNS - ok
21:42:56.0818 2560 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:42:56.0818 2560 Updater Service - ok
21:42:57.0298 2560 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:42:57.0298 2560 upnphost - ok
21:42:57.0488 2560 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:42:57.0488 2560 USBAAPL64 - ok
21:42:57.0918 2560 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:42:57.0918 2560 usbccgp - ok
21:42:58.0079 2560 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:42:58.0089 2560 usbcir - ok
21:42:58.0129 2560 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
21:42:58.0129 2560 usbehci - ok
21:42:58.0249 2560 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:42:58.0249 2560 usbhub - ok
21:42:58.0299 2560 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:42:58.0299 2560 usbohci - ok
21:42:58.0379 2560 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:42:58.0379 2560 usbprint - ok
21:42:58.0609 2560 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:42:58.0629 2560 usbscan - ok
21:42:58.0759 2560 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:42:58.0759 2560 USBSTOR - ok
21:42:58.0859 2560 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:42:58.0869 2560 usbuhci - ok
21:42:58.0919 2560 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:42:58.0919 2560 usbvideo - ok
21:42:59.0019 2560 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:42:59.0029 2560 UxSms - ok
21:42:59.0059 2560 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:42:59.0059 2560 VaultSvc - ok
21:42:59.0109 2560 VCSVADHWSer (3a4b01c2bdb07dfef29b0b369487503a) C:\Windows\system32\DRIVERS\vcsvad.sys
21:42:59.0109 2560 VCSVADHWSer - ok
21:42:59.0119 2560 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:42:59.0129 2560 vdrvroot - ok
21:43:00.0099 2560 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:43:00.0169 2560 vds - ok
21:43:00.0269 2560 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:43:00.0269 2560 vga - ok
21:43:00.0339 2560 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:43:00.0339 2560 VgaSave - ok
21:43:00.0409 2560 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:43:00.0419 2560 vhdmp - ok
21:43:00.0479 2560 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:43:00.0479 2560 viaide - ok
21:43:00.0669 2560 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:43:00.0669 2560 volmgr - ok
21:43:00.0709 2560 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:43:00.0719 2560 volmgrx - ok
21:43:00.0909 2560 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:43:00.0919 2560 volsnap - ok
21:43:01.0419 2560 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:43:01.0429 2560 vsmraid - ok
21:43:01.0769 2560 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:43:01.0849 2560 VSS - ok
21:43:02.0299 2560 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:43:02.0309 2560 vwifibus - ok
21:43:02.0319 2560 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:43:02.0329 2560 vwififlt - ok
21:43:02.0369 2560 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:43:02.0379 2560 W32Time - ok
21:43:02.0399 2560 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:43:02.0399 2560 WacomPen - ok
21:43:02.0479 2560 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:43:02.0479 2560 WANARP - ok
21:43:02.0489 2560 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:43:02.0489 2560 Wanarpv6 - ok
21:43:02.0799 2560 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:43:02.0879 2560 WatAdminSvc - ok
21:43:03.0309 2560 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:43:03.0389 2560 wbengine - ok
21:43:04.0309 2560 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:43:04.0319 2560 WbioSrvc - ok
21:43:04.0539 2560 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:43:04.0549 2560 wcncsvc - ok
21:43:04.0639 2560 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:43:04.0649 2560 WcsPlugInService - ok
21:43:04.0699 2560 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:43:04.0699 2560 Wd - ok
21:43:04.0989 2560 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:43:04.0999 2560 Wdf01000 - ok
21:43:05.0109 2560 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:43:05.0109 2560 WdiServiceHost - ok
21:43:05.0109 2560 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:43:05.0119 2560 WdiSystemHost - ok
21:43:05.0589 2560 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:43:05.0599 2560 WebClient - ok
21:43:05.0689 2560 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:43:05.0699 2560 Wecsvc - ok
21:43:05.0719 2560 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:43:05.0719 2560 wercplsupport - ok
21:43:05.0749 2560 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:43:05.0759 2560 WerSvc - ok
21:43:05.0869 2560 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:43:05.0869 2560 WfpLwf - ok
21:43:05.0909 2560 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:43:05.0909 2560 WIMMount - ok
21:43:05.0959 2560 WinDefend - ok
21:43:05.0969 2560 WinHttpAutoProxySvc - ok
21:43:06.0209 2560 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:43:06.0269 2560 Winmgmt - ok
21:43:07.0250 2560 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:43:07.0330 2560 WinRM - ok
21:43:08.0941 2560 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:43:09.0041 2560 WinUsb - ok
21:43:09.0851 2560 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:43:09.0901 2560 Wlansvc - ok
21:43:10.0061 2560 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:43:10.0101 2560 WmiAcpi - ok
21:43:10.0381 2560 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:43:10.0391 2560 wmiApSrv - ok
21:43:10.0481 2560 WMPNetworkSvc - ok
21:43:10.0541 2560 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:43:10.0571 2560 WPCSvc - ok
21:43:10.0811 2560 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:43:10.0811 2560 WPDBusEnum - ok
21:43:10.0891 2560 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:43:10.0891 2560 ws2ifsl - ok
21:43:11.0172 2560 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:43:11.0182 2560 wscsvc - ok
21:43:11.0412 2560 WSearch - ok
21:43:13.0082 2560 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:43:13.0162 2560 wuauserv - ok
21:43:14.0436 2560 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:43:14.0438 2560 WudfPf - ok
21:43:14.0518 2560 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:43:14.0522 2560 WUDFRd - ok
21:43:14.0561 2560 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:43:14.0561 2560 wudfsvc - ok
21:43:14.0601 2560 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:43:14.0601 2560 WwanSvc - ok
21:43:14.0651 2560 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:43:15.0401 2560 \Device\Harddisk0\DR0 - ok
21:43:15.0411 2560 Boot (0x1200) (b772af331bb5d08f2e17bccac6fb7d2c) \Device\Harddisk0\DR0\Partition0
21:43:15.0441 2560 \Device\Harddisk0\DR0\Partition0 - ok
21:43:15.0471 2560 Boot (0x1200) (9c586f39f47bdcc3017bf2e47375b273) \Device\Harddisk0\DR0\Partition1
21:43:15.0511 2560 \Device\Harddisk0\DR0\Partition1 - ok
21:43:15.0511 2560 ============================================================
21:43:15.0511 2560 Scan finished
21:43:15.0511 2560 ============================================================
21:43:16.0001 5024 Detected object count: 0
21:43:16.0001 5024 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 17:51:43
-----------------------------
17:51:43.366 OS Version: Windows x64 6.1.7600
17:51:43.366 Number of processors: 4 586 0x2502
17:51:43.366 ComputerName: ZIGGY-PC UserName: Ziggy
17:51:45.534 Initialize success
17:51:53.709 AVAST engine defs: 12061100
17:51:55.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:51:55.409 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
17:51:55.425 Disk 0 MBR read successfully
17:51:55.440 Disk 0 MBR scan
17:51:55.440 Disk 0 Windows VISTA default MBR code
17:51:55.456 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
17:51:55.487 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
17:51:55.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
17:51:55.518 Disk 0 scanning C:\Windows\system32\drivers
17:52:07.325 Service scanning
17:52:52.293 Modules scanning
17:52:52.303 Disk 0 trace - called modules:
17:52:52.442 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:52:52.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003054060]
17:52:52.795 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f54050]
17:53:00.600 AVAST engine scan C:\Windows
17:53:05.601 AVAST engine scan C:\Windows\system32
17:57:09.602 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:57:14.128 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:59:25.013 AVAST engine scan C:\Windows\system32\drivers
17:59:49.393 AVAST engine scan C:\Users\Ziggy
18:11:44.893 AVAST engine scan C:\ProgramData
18:12:19.145 Scan finished successfully
18:12:52.786 Disk 0 MBR has been saved successfully to "C:\Users\Ziggy\Desktop\MBR.dat"
18:12:52.793 The log file has been saved successfully to "C:\Users\Ziggy\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 21:44:46
-----------------------------
21:44:46.891 OS Version: Windows x64 6.1.7600
21:44:46.891 Number of processors: 4 586 0x2502
21:44:46.891 ComputerName: ZIGGY-PC UserName: Ziggy
21:45:06.117 Initialize success
21:48:22.021 AVAST engine defs: 12061201
21:49:59.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:49:59.428 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
21:49:59.448 Disk 0 MBR read successfully
21:49:59.448 Disk 0 MBR scan
21:49:59.458 Disk 0 Windows VISTA default MBR code
21:49:59.468 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
21:49:59.488 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
21:49:59.498 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
21:49:59.518 Disk 0 scanning C:\Windows\system32\drivers
21:50:08.670 Service scanning
21:50:42.341 Modules scanning
21:50:42.341 Disk 0 trace - called modules:
21:50:42.371 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:50:42.731 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800306e410]
21:50:42.741 3 CLASSPNP.SYS[fffff880015ba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f89050]
21:50:43.492 AVAST engine scan C:\Windows
21:50:47.483 AVAST engine scan C:\Windows\system32
21:54:45.048 AVAST engine scan C:\Windows\system32\drivers
21:55:05.629 AVAST engine scan C:\Users\Ziggy
22:07:14.188 AVAST engine scan C:\ProgramData
22:08:04.158 Scan finished successfully
22:10:53.934 Disk 0 MBR has been saved successfully to "C:\Users\Ziggy\Desktop\MBR.dat"
22:10:53.944 The log file has been saved successfully to "C:\Users\Ziggy\Desktop\aswMBR.txt"

The adverts haven't appeared so far, so that seems good :P

#6 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 09:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\Common Files\Spigot

DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6e3b5a04000000000000c417fe9bc06a

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 sickomann

  • Topic Starter


Posted 14 June 2012 - 12:47 AM

ComboFix 12-06-13.02 - Ziggy 13/06/2012 17:17:00.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2804.1325 [GMT 1:00]
Running from: c:\users\Ziggy\Downloads\ComboFix.exe
Command switches used :: c:\users\Ziggy\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\ldrtbuTor.dll
c:\program files (x86)\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
c:\program files (x86)\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\tbuTor.dll
c:\program files (x86)\uTorrentControl2\toolbar.cfg
c:\program files (x86)\uTorrentControl2\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentControl2\uninstall.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 16:25 . 2012-06-13 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 12:05 . 2012-06-13 12:05 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-13 12:05 . 2012-06-13 12:05 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-13 12:04 . 2012-06-13 12:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-12 20:46 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 20:46 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 20:46 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 20:46 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 20:46 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 20:46 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 20:46 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 20:45 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 20:45 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 20:45 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-12 20:45 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 20:44 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 20:44 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 20:44 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 20:44 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 20:44 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 20:44 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 20:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67A0D0EE-26CD-4185-9517-2C84B94B2BED}\mpengine.dll
2012-06-10 14:10 . 2012-06-10 14:10 388096 ----a-r- c:\users\Ziggy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-10 14:10 . 2012-06-10 14:10 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-09 16:23 . 2012-06-09 16:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-09 16:09 . 2012-06-09 16:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 16:03 . 2012-06-09 16:03 -------- d-----w- c:\users\Ziggy\AppData\Roaming\ZIP RAR ACE Password Recovery
2012-06-07 09:48 . 2012-06-07 10:53 -------- d-----w- c:\users\Ziggy\AppData\Roaming\LolMatches Client
2012-06-07 09:48 . 2012-06-07 09:48 -------- d-----w- c:\program files (x86)\LolMatches
2012-06-07 01:32 . 2012-06-07 01:32 -------- d-----w- c:\users\Ziggy\AppData\Local\Mozilla
2012-06-07 01:32 . 2012-06-07 01:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-04 15:54 . 2012-06-05 14:49 -------- d-----w- C:\LOLPBE
2012-06-02 09:07 . 2012-06-02 09:07 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 17:05 . 2012-05-31 17:10 -------- d-----w- c:\users\Ziggy\AppData\Roaming\.minecraft
2012-05-26 15:44 . 2012-05-26 15:44 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-26 15:44 . 2012-05-26 15:44 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-25 12:35 . 2012-05-25 12:35 -------- d-----w- c:\users\Ziggy\AppData\Local\libimobiledevice
2012-05-24 11:52 . 2012-05-24 11:52 -------- d-----w- c:\users\Ziggy\AppData\Roaming\LolClient2
2012-05-21 20:57 . 2012-05-21 21:00 -------- d-----w- c:\program files (x86)\Graboid
2012-05-20 21:00 . 2012-05-20 21:00 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 16:47 . 2012-03-24 02:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2012-02-19 14:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:09 . 2012-05-09 13:37 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-23 09:47 . 2012-03-23 09:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-23 09:47 . 2012-03-23 09:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-23 09:47 . 2012-03-23 09:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-23 09:47 . 2012-03-23 09:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-23 09:47 . 2012-03-23 09:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-23 09:47 . 2012-03-23 09:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-23 09:47 . 2012-03-23 09:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-23 09:47 . 2012-03-23 09:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-23 09:47 . 2012-03-23 09:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-23 09:47 . 2012-03-23 09:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-23 09:47 . 2012-03-23 09:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-23 09:47 . 2012-03-23 09:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-23 09:47 . 2012-03-23 09:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-23 09:47 . 2012-03-23 09:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-23 09:47 . 2012-03-23 09:47 448512 ----a-w- c:\windows\system32\html.iec
2012-03-23 09:47 . 2012-03-23 09:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-23 09:47 . 2012-03-23 09:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-23 09:47 . 2012-03-23 09:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-23 09:47 . 2012-03-23 09:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-23 09:47 . 2012-03-23 09:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-23 09:47 . 2012-03-23 09:47 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-23 09:47 . 2012-03-23 09:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-23 09:47 . 2012-03-23 09:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-23 09:47 . 2012-03-23 09:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-23 09:47 . 2012-03-23 09:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-23 09:47 . 2012-03-23 09:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-23 09:47 . 2012-03-23 09:47 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-23 09:47 . 2012-03-23 09:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-23 09:47 . 2012-03-23 09:47 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-23 09:47 . 2012-03-23 09:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-23 09:47 . 2012-03-23 09:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-23 09:47 . 2012-03-23 09:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-21 18:13 . 2012-02-14 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 07:55 . 2012-05-09 13:37 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-12_15.35.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-13 02:01 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-04-15 10:18 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-06-13 02:01 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-06-13 02:01 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-04-15 10:18 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 05:10 . 2012-06-13 16:28 33524 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-18 08:36 . 2010-03-18 08:36 57168 c:\windows\system32\vcomp100.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 57168 c:\windows\system32\vcomp100.dll
+ 2012-06-13 02:01 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
- 2012-04-15 10:18 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-06-13 02:01 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 91472 c:\windows\system32\mfcm100u.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 91472 c:\windows\system32\mfcm100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 36176 c:\windows\system32\mfc100chs.dll
- 2012-04-15 10:18 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2012-06-13 02:01 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
- 2012-02-14 12:25 . 2012-06-03 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-14 12:25 . 2012-06-12 16:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-12 16:03 . 2012-06-12 16:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 16:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-03 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-13 16:19 82688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-13 02:10 . 2012-06-13 02:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-12 02:12 . 2012-05-12 02:12 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-12 02:12 . 2012-05-12 02:12 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-14 13:05 . 2012-05-12 02:16 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-06-13 02:42 . 2012-06-13 02:42 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\dff994827d98487b32890db8a968ede0\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\ab781679ac42ad82de5fe7c2c0006b2a\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\0e8a192d6df9aa905653ddce81fa3895\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\f5c5517bf252bf6c4d8de833d2111309\System.Web.DynamicData.Design.ni.dll
+ 2012-02-14 12:31 . 2012-06-13 16:28 7018 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3566133550-189038809-3792320589-1000_UserData.bin
+ 2012-06-13 14:12 . 2012-06-13 14:12 9560 c:\windows\system32\NetworkList\Icons\{F6B5F122-4F2D-42AD-9E0D-2F62947E6C0E}_48.bin
+ 2012-06-13 14:12 . 2012-06-13 14:12 4280 c:\windows\system32\NetworkList\Icons\{F6B5F122-4F2D-42AD-9E0D-2F62947E6C0E}_32.bin
+ 2012-06-13 14:12 . 2012-06-13 14:12 2456 c:\windows\system32\NetworkList\Icons\{F6B5F122-4F2D-42AD-9E0D-2F62947E6C0E}_24.bin
- 2012-06-12 15:35 . 2012-06-12 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 16:26 . 2012-06-13 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 16:26 . 2012-06-13 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 15:35 . 2012-06-12 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-13 02:01 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
- 2012-04-15 10:18 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
+ 2012-06-13 02:01 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
- 2012-04-15 10:18 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-06-13 02:01 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-03-23 09:47 . 2012-03-23 09:47 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-04-15 10:18 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-13 02:01 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
+ 2009-07-14 04:54 . 2012-06-13 02:30 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-12 15:20 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-15 10:16 . 2012-06-13 13:20 252438 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-06-13 02:01 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
- 2012-04-15 10:18 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-06-13 02:09 652148 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-13 02:09 121080 c:\windows\system32\perfc009.dat
- 2010-03-18 08:36 . 2010-03-18 08:36 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 608080 c:\windows\system32\msvcp100.dll
- 2012-04-15 10:18 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-06-13 02:01 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
- 2012-03-23 09:47 . 2012-03-23 09:47 173056 c:\windows\system32\ieUnatt.exe
+ 2012-06-13 02:01 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
- 2012-04-15 10:18 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
+ 2012-06-13 02:01 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2012-05-12 02:34 425488 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-06-13 02:30 425488 c:\windows\system32\FNTCACHE.DAT
+ 2011-01-07 14:02 . 2011-01-07 14:02 158536 c:\windows\system32\atl100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 158536 c:\windows\system32\atl100.dll
+ 2012-02-14 13:21 . 2012-06-13 16:25 462384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-12 15:34 394268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-13 16:25 394268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-07 18:01 . 2012-06-12 15:19 789084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3566133550-189038809-3792320589-1000-12288.dat
+ 2012-04-07 18:01 . 2012-06-13 16:25 789084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3566133550-189038809-3792320589-1000-12288.dat
- 2012-04-11 19:13 . 2012-01-26 23:32 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-12 20:46 . 2012-04-23 22:38 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-12 20:46 . 2012-04-23 22:37 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-04-11 19:13 . 2012-01-26 23:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-12 02:12 . 2012-05-12 02:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-12 02:12 . 2012-05-12 02:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-02-14 13:05 . 2012-05-12 02:16 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-02-14 13:05 . 2012-06-13 02:11 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2012-02-14 13:05 . 2012-05-12 02:16 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-06-13 02:43 . 2012-06-13 02:43 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\34044633b95cc2832aea9496d453ae8a\WindowsFormsIntegration.ni.dll
+ 2012-06-13 02:43 . 2012-06-13 02:43 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\777e1ebe496b3100984c9205563ba229\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-13 02:42 . 2012-06-13 02:42 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\319e75d7f46269746bf9b0e90bb6bd72\System.Web.Entity.ni.dll
+ 2012-06-13 02:42 . 2012-06-13 02:42 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\1d94db8319deaee20d4aa1bf57db0d59\System.Web.Entity.Design.ni.dll
+ 2012-06-13 02:42 . 2012-06-13 02:42 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\e78445e1d29828e7882032f732fd244c\System.Web.DynamicData.ni.dll
+ 2012-06-13 02:42 . 2012-06-13 02:42 331776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\01e5ffb2f66e7d77a6fd06619f12cce8\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-13 02:41 . 2012-06-13 02:41 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\29bdbbcd8f0a686bab3d56dcba71a352\System.ServiceProcess.ni.dll
+ 2012-06-13 02:42 . 2012-06-13 02:42 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\a6e99ee1ba362b1c0fb39e95e7e2a67f\System.Messaging.ni.dll
+ 2012-06-13 02:41 . 2012-06-13 02:41 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\a716fd55407014087ae1a81b896aa585\System.Drawing.Design.ni.dll
+ 2012-06-13 02:39 . 2012-06-13 02:39 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b0b9375551b79eccceaa7fba8ef02c41\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 02:46 . 2012-06-13 02:46 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\08242751b482949cca7de20732c678ff\WindowsFormsIntegration.ni.dll
+ 2012-06-13 02:46 . 2012-06-13 02:46 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\6c8c58db512d8aa15fb291d0a9120b03\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\7505101daf822e73b6a05a1143fb9156\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\57e337abeeba57327cae79c81a5e589a\System.Web.Entity.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\da9437f14eed90f8d09c879f05c0e02d\System.Web.Entity.Design.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\e0bec8b251c12837ccebefd7a16821c1\System.Web.DynamicData.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\63cfe8ad56ec2789fe26e340d11242e4\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7ce2a950de6928f650c9174f5e988ee4\System.ServiceProcess.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a1918943c27381d12679bc2ae237ab81\System.Messaging.ni.dll
+ 2012-06-13 02:35 . 2012-06-13 02:35 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\40102e868fd3c2d5b63673a9757537f1\System.Drawing.Design.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\951ece575b9f8ed9a4abde6e58df473c\System.Configuration.Install.ni.dll
- 2012-05-12 02:26 . 2012-05-12 02:26 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\951ece575b9f8ed9a4abde6e58df473c\System.Configuration.Install.ni.dll
+ 2012-06-13 02:45 . 2012-06-13 02:45 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1c2bbfcafb8e12bd918b5ec72ead6b75\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\ad62fba57b19a1b003418377fc15f2ea\AspNetMMCExt.ni.dll
+ 2012-06-13 02:39 . 2012-06-13 02:39 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\0599e722d086c85c54a6dc71de5781f5\WindowsFormsIntegration.ni.dll
+ 2012-06-13 02:39 . 2012-06-13 02:39 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\ecf332ee723fd33a408a00e926935c4a\TaskScheduler.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\2c66bb8492ad0ccd7c86eb204a86f16a\System.Web.Routing.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\e3ca70a436f9c8a0cb178f3fe0d15ce6\System.Web.Entity.ni.dll
+ 2012-06-13 02:39 . 2012-06-13 02:39 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\4a722f8a9668af77c08a921ec5d249f2\System.Web.Entity.Design.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\5e3e171d6b46739a8f89e2a589de1062\System.Web.DynamicData.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\8f8685c0362ccfae34c1c958fc43bf40\System.Web.Abstractions.ni.dll
+ 2012-06-13 02:33 . 2012-06-13 02:33 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\993018172a83c2431adeb6a309aa27cf\System.ServiceProcess.ni.dll
+ 2012-06-13 02:36 . 2012-06-13 02:36 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\984398a06970ec18178ddf072de6167e\System.Messaging.ni.dll
+ 2012-06-13 02:33 . 2012-06-13 02:33 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a650d1b1ee920b0fecfe5e8342217265\System.Drawing.Design.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\33ae5cf0b1603f19a9c66e376b4cdcda\napsnap.ni.dll
+ 2012-06-13 02:38 . 2012-06-13 02:38 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\5c28e1b5ec388ca1b62f229a068b9842\napinit.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\bf084532afc235bb8947191850be2dbd\MMCFxCommon.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\611f809f625bafde88d989c624f5fd0f\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\390ab84a69a72771f8c15596c3918ca3\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e357bfb6a7358070a31cfb315e1094b8\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\3cbc899f004a3144820b162f339cc299\mcplayerinterop.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\1ee690ef6472178228e84214d7f136ad\mcGlidHostObj.ni.dll
+ 2012-06-13 02:37 . 2012-06-13 02:37 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bef11fb4617a18e0cdb5c7673308f0d8\EventViewer.ni.dll
+ 2012-06-13 02:36 . 2012-06-13 02:36 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\3266ef1067584da5503061cb4c694b82\ehExtHost.ni.exe
+ 2012-06-13 02:44 . 2012-06-13 02:44 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\58b6523c5167dd748a679e8a46330c32\TaskScheduler.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e8583c3f80cd2a94f552a64b4953dde2\System.Web.Routing.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\394765924d5b924fe87103c943abc69c\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4b72a66912627a66c65ebc8ce8d82e91\System.Web.Entity.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\973d534cb631a5c9c7ea74842056332d\System.Web.Entity.Design.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c80448d686095317e9019f48572b03e0\System.Web.DynamicData.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\a5f548d874a19f075ca408ac46e57d72\System.Web.Abstractions.ni.dll
+ 2012-06-13 02:36 . 2012-06-13 02:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
+ 2012-06-13 02:43 . 2012-06-13 02:43 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll
+ 2012-06-13 02:36 . 2012-06-13 02:36 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4e3449df387e6a0680d25969da6f965a\System.Drawing.Design.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\0e9f88f220b048e2b0d2c8e3801e1fbd\napsnap.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\821bb293acac9e6fbb0dc69087e2a172\napinit.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1f10581674c9eb08c896e21fc1f43be4\MMCFxCommon.ni.dll
+ 2012-06-13 02:44 . 2012-06-13 02:44 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\49af28b21e53bc36f58c371995dfae1a\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 02:43 . 2012-06-13 02:43 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\491bfb35b47079843c7faecb5b67787d\EventViewer.ni.dll
+ 2012-06-13 02:43 . 2012-06-13 02:43 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\97a8bea875e2f88da466cfa59340a528\ehExtHost32.ni.exe
- 2012-04-11 19:13 . 2012-01-26 23:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-12 20:46 . 2012-04-23 22:37 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 02:01 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-06-13 02:01 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-06-13 02:01 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-06-13 02:01 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-06-13 02:01 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 04:54 . 2012-06-12 15:20 1343488 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-13 02:30 1343488 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 15:20 3260416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-13 02:30 3260416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-13 02:01 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-06-13 02:01 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 5523280 c:\windows\system32\mfc100u.dll
+ 2011-01-07 14:02 . 2011-01-07 14:02 5493576 c:\windows\system32\mfc100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 5493576 c:\windows\system32\mfc100.dll
+ 2012-06-13 02:01 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
+ 2012-06-13 02:01 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-06-09 21:52 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-13 02:32 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-04-07 18:01 . 2012-06-13 16:25 1846740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3566133550-189038809-3792320589-1000-8192.dat
- 2009-07-13 20:37 . 2009-06-10 20:40 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-06-12 20:44 . 2012-03-21 22:28 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-12 20:44 . 2012-03-21 22:29 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 5029160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 5029160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-12 02:13 . 2012-05-12 02:13 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-13 02:10 . 2012-06-13 02:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
"Spotify Web Helper"="c:\users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-07 932528]
"LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-05-30 1178624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257696]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-25 785344]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 16:47]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 12:48]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 12:48]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566133550-189038809-3792320589-1000Core.job
- c:\users\Ziggy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 12:38]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566133550-189038809-3792320589-1000UA.job
- c:\users\Ziggy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 12:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-02-14 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273602125416l0368z1k5t4821d717
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ziggy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Ziggy\AppData\Roaming\Mozilla\Firefox\Profiles\cniyebok.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
Toolbar-Locked - (no file)
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Completion time: 2012-06-13 17:33:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 16:33
ComboFix2.txt 2012-06-12 15:42
.
Pre-Run: 113,438,752,768 bytes free
Post-Run: 113,552,781,312 bytes free
.
- - End Of File - - E376F24EAF4B839D6CA9255697C91C64

Problems seem to be resolved

#8 gringo_pr

Posted 14 June 2012 - 01:56 AM

Hello sickomann

That is great news!!

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 sickomann

Posted 14 June 2012 - 08:48 AM

Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.124.1120
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Alcor Micro USB Card Reader
Alice Greenfingers
Amazonia
Apple Application Support
Apple Software Update
Audacity 2.0
AV Voice Changer Software DIAMOND 7.0
Avanquest update
Backup Manager Basic
Bome's Mouse Keyboard 2.00
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
DAEMON Tools Pro
Dairy Dash
Dream Day First Home
eBay Worldwide
eSobi v2
Farm Frenzy 2
First Class Flurry
Free YouTube to MP3 Converter version 3.11.17.319
GameRanger
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heinemann Solutionbank Core C4
Heroes of Hellas
HiJackThis
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 31
Launch Manager
League of Legends
LogMeIn Hamachi
LolMatches Client
LOLReplay
Male Voice Pack
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Merriam Websters Spell Jam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
Mixxx 1.10.0 (64-bit)
MorphVOX Pro
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
NCH Toolbox
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Opera 11.61
QuickTime
Rappelz_US
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype 5.9
Sony Ericsson Update Engine
Sony PC Companion 2.10.065
Spotify
Star Wars Battlefront
Star wars Battlefront II version 1.3
Synthesia (remove only)
TwelveKeys Music Transcription Software
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar
VLC media player 1.1.11
WavePad Sound Editor
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Sign-in Assistant
Windows Live Upload Tool
Worms - 1.0
Worms Armageddon Patch
YouTube Downloader 3.5
YouTube Downloader Toolbar v5.8

#10 gringo_pr

Posted 14 June 2012 - 12:58 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java 6 Update 31
McAfee Security Scan Plus
uTorrentControl2 Toolbar
YouTube Downloader Toolbar v5.8


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 sickomann

Posted 16 June 2012 - 06:03 AM

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ziggy :: ZIGGY-PC [administrator]

Protection: Enabled

16/06/2012 11:40:35
mbam-log-2012-06-16 (11-40-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209186
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:03, on 16/06/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ziggy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273602125416l0368z1k5t4821d717
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [LolMatches Client] C:\Program Files (x86)\LolMatches\LolMatches Client.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ziggy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14292 bytes



PC is running fine now, sorry for the delay

#12 gringo_pr


Posted 16 June 2012 - 12:41 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
      O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
      O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
      O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
      O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ziggy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [LolMatches Client] C:\Program Files (x86)\LolMatches\LolMatches Client.exe
      O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 sickomann


Posted 16 June 2012 - 04:43 PM

C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000064.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Ziggy\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application

#14 gringo_pr


Posted 16 June 2012 - 08:43 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Users\Ziggy\AppData\Local\Babylon\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as perfect security. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo
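The triage described in the reply above, separating detections under C:\Qoobox\Quarantine\ and C:\System Volume Information\ from detections on the live file system, as an added example that is not part of the original posts. The regex, field names and function names are assumptions made for this example; the sample lines are the scan results posted in this thread.

```python
import re

# Locations the reply above describes as inert unless manually restored:
# the Qoobox quarantine folder and the System Restore cache.
INERT_ROOTS = ("c:\\qoobox\\quarantine\\", "c:\\system volume information\\")

# One result line: <path> [probably a variant of ]<Platform/Family.Variant> <type>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<hedged>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\w+)$"
)

# The six result lines posted in this thread.
SCAN_RESULTS = r"""
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\80000064.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Ziggy\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
"""

def parse_line(line):
    """Split one result line into path, detection name, type and flags."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m["path"],
        "name": m["name"],
        "kind": m["kind"],
        "heuristic": m["hedged"] is not None,   # "probably a variant of"
        "inert": m["path"].lower().startswith(INERT_ROOTS),
    }

def triage(text):
    """Return (live, inert) lists of parsed detections; unparsed lines are skipped."""
    hits = [h for h in map(parse_line, text.splitlines()) if h]
    live = [h for h in hits if not h["inert"]]
    inert = [h for h in hits if h["inert"]]
    return live, inert

if __name__ == "__main__":
    live, inert = triage(SCAN_RESULTS)
    for h in live:
        print("LIVE ", h["kind"], h["name"], h["path"])
    print(len(inert), "detections are quarantine or restore-cache copies")
```

On the posted results this leaves one live item, the Babylon installer that the delfile.bat step removes, and five quarantine copies that the cleanup steps clear.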

#15 sickomann


Posted 17 June 2012 - 03:49 PM

Thank you so much for the help, I will have to recommend this forum to other friends when they suffer :D



