
Search Redirect Virus Help Needed


  • This topic is locked
20 replies to this topic

#1 CMariano


Posted 13 June 2012 - 11:50 AM

Hello, I was trying to fix this problem but no success...:(

Thank you for your help in advance!

When I click on a link to a search result (not always, but many times) I am redirected to sites such as: 8.26.70.252, 63.209.69.107, 66.85.181.166, a page to buy Norton, getanswers page, etc.

My computer runs Windows 7, 64-bit OS

Below are some results of antiviruses I used in the last three days:

1-AVG 2012: Trojan Horse Java/Exploit.AXH (sent to vault)

2-Hitman 3.6.0: No Threats

3-Kaspersky TDSSKiller: No Threats

4-Avast: No Threats

5-aswMBR: No Threats

6: Malwarebytes:
Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

7-ComboFix: I tried to paste in here the report but it says that "my post is too long", so I've attached it.

Also, in case it helps, I deleted "127.0.0.1 local host" from windows/system32/drivers/etc/host

Edited by CMariano, 13 June 2012 - 11:58 AM.




#2 gringo_pr

  • Malware Response Team

Posted 14 June 2012 - 01:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 CMariano


Posted 14 June 2012 - 09:23 AM

Hi Gringo, thank you for your quick response!

I did as you said:

1-Run DeFogger
2-Run Security Check (see report posted below)
3-Disabled Malaware and run DDS (see report posted below, and attach.txt attached)

No problem with the computer, BUT I'm still getting redirected (e.g. to click-getanswers, or compare.us.com)

One more thing in case this info helps. It is very likely that I got the virus/nuisance from http://www.free-tv-video-online.me/ (I've seen another post from someone that likely got it from the same place)

Let me know how to proceed. Thanks again!


Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.1)
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Carlos at 10:05:17 on 2012-06-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7990.5764 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://movies.netflix.com/WiHome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75405502-AF2D-42F4-9C02-3C12707DCAB3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75405502-AF2D-42F4-9C02-3C12707DCAB3}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{75405502-AF2D-42F4-9C02-3C12707DCAB3}\D416272796F64747F5055726C69636 : DhcpNameServer = 4.2.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Trixie.Bho: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110917&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\plugins\npLightshot.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 acedrv09;acedrv09;\??\C:\Windows\system32\drivers\acedrv09.sys --> C:\Windows\system32\drivers\acedrv09.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-9 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-6-25 338168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-24 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-9 654408]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-24 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-7 1656112]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/24 06:08:05;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-11-24 245232]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-25 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-25 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-28 129976]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PowerLabUSB;ADInstruments PowerLab driver;C:\Windows\system32\DRIVERS\plusb2_0_3_NTamd64.sys --> C:\Windows\system32\DRIVERS\plusb2_0_3_NTamd64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-12 03:54:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-12 02:01:21 -------- d-----w- C:\ProgramData\AVAST Software
2012-06-12 02:01:21 -------- d-----w- C:\Program Files\AVAST Software
2012-06-11 21:57:38 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-11 15:00:06 98816 ----a-w- C:\Windows\sed.exe
2012-06-11 15:00:06 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-11 15:00:06 256000 ----a-w- C:\Windows\PEV.exe
2012-06-11 15:00:06 208896 ----a-w- C:\Windows\MBR.exe
2012-06-10 03:10:08 -------- d-----w- C:\Users\Carlos\AppData\Roaming\Malwarebytes
2012-06-10 03:10:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-10 03:10:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-10 03:10:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 02:53:44 -------- d-----w- C:\Windows\pss
2012-05-24 23:16:14 -------- d-----w- C:\Users\Carlos\AppData\Local\TouchSmartData
.
==================== Find3M ====================
.
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 18:22:04 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:22:04 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:21:59 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec
2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 10:06:16.05 ===============

Edited by CMariano, 14 June 2012 - 11:18 AM.


#4 gringo_pr

  • Malware Response Team

Posted 14 June 2012 - 12:50 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 CMariano

  • Topic Starter


Posted 14 June 2012 - 09:31 PM

Hi Gringo,

No problems to report. The computer is doing fine. However, the redirection still happens (e.g. to scour.com or to click to get answers). I tried with Chrome and Firefox. I tried many times using Safari, and it seems it is the only browser that is not affected... (I have Windows 64-bit OS)

Please see the ComboFix log below (it rebooted the computer once).

ComboFix 12-06-14.01 - Carlos 06/14/2012 21:53:46.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7990.5886 [GMT -4:00]
Running from: c:\users\Carlos\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Maintenance Service
c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files (x86)\Mozilla Maintenance Service\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 02:02 . 2012-06-15 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 02:02 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-12 02:01 . 2012-06-12 02:52 -------- d-----w- c:\programdata\AVAST Software
2012-06-12 02:01 . 2012-06-12 02:01 -------- d-----w- c:\program files\AVAST Software
2012-06-11 21:57 . 2012-06-11 21:58 -------- d-----w- c:\programdata\HitmanPro
2012-06-10 03:10 . 2012-06-10 03:10 -------- d-----w- c:\users\Carlos\AppData\Roaming\Malwarebytes
2012-06-10 03:10 . 2012-06-10 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-10 03:10 . 2012-06-10 03:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-10 03:10 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 23:16 . 2012-05-24 23:16 -------- d-----w- c:\users\Carlos\AppData\Local\TouchSmartData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:22 . 2012-04-18 13:45 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:22 . 2011-05-19 01:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:21 . 2012-04-18 14:12 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-30 11:09 . 2012-05-10 16:15 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-17 07:55 . 2012-05-10 16:15 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-12_03.36.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-30 00:47 . 2012-06-15 02:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-30 00:47 . 2012-06-12 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-30 00:47 . 2012-06-12 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-30 00:47 . 2012-06-15 02:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-10 17:27 . 2012-05-10 17:27 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-10 17:25 . 2012-05-10 17:25 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-10 17:24 . 2012-05-10 17:24 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-10 17:23 . 2012-05-10 17:23 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-10 17:23 . 2012-05-10 17:23 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-12-11 20:44 . 2012-06-13 17:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-05-10 17:23 . 2012-05-10 17:23 81248 c:\windows\assembly\temp\W45LAYG0S8\CustomMarshalers.dll
+ 2012-06-13 22:49 . 2012-06-13 22:49 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\11c324b9616d95c2685716fbae9324ab\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\be0023b0814db0cd39b177e21632f8e9\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\0e8a192d6df9aa905653ddce81fa3895\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\a1bbbe7f5659a9a4abd70ad06ac3efd6\WindowsLiveWriter.ni.exe
+ 2012-06-14 13:58 . 2012-06-14 13:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\f5c5517bf252bf6c4d8de833d2111309\System.Web.DynamicData.Design.ni.dll
- 2012-06-12 02:52 . 2012-06-12 02:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 02:03 . 2012-06-15 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 02:03 . 2012-06-15 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 02:52 . 2012-06-12 02:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-12 02:51 400784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-15 02:02 400784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
- 2012-04-12 00:11 . 2012-01-26 23:32 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-13 13:44 . 2012-04-23 22:38 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-04-12 00:11 . 2012-01-26 23:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-13 13:44 . 2012-04-23 22:37 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-10 17:24 . 2012-05-10 17:24 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-10 17:24 . 2012-05-10 17:24 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-10 17:23 . 2012-05-10 17:23 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-10 17:23 . 2012-05-10 17:23 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-10 17:24 . 2012-05-10 17:24 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-12-11 20:44 . 2012-06-13 17:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-12-11 20:44 . 2012-06-13 17:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-12-11 20:44 . 2012-05-10 17:33 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-05-10 17:25 . 2012-05-10 17:25 409448 c:\windows\assembly\temp\YQU4YMI98P\System.configuration.dll
+ 2012-05-10 17:25 . 2012-05-10 17:25 113512 c:\windows\assembly\temp\UT347ZV5JP\System.ServiceProcess.dll
+ 2012-05-10 17:25 . 2012-05-10 17:25 616216 c:\windows\assembly\temp\N41DQ08HVM\System.Drawing.dll
+ 2012-05-10 17:26 . 2012-05-10 17:26 291184 c:\windows\assembly\temp\LG01R1IMYD\System.Runtime.Remoting.dll
+ 2012-05-10 17:24 . 2012-05-10 17:24 269672 c:\windows\assembly\temp\97VA4GD75I\System.Transactions.dll
+ 2012-05-10 17:23 . 2012-05-10 17:23 109568 c:\windows\assembly\temp\1IRUJOTSV4\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 17:23 . 2012-05-10 17:23 246128 c:\windows\assembly\temp\1IRUJOTSV4\System.EnterpriseServices.dll
+ 2012-06-13 22:50 . 2012-06-13 22:50 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-06-13 22:50 . 2012-06-13 22:50 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\99cb318f961215576faaa1545dda4f49\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-13 22:49 . 2012-06-13 22:49 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\319e75d7f46269746bf9b0e90bb6bd72\System.Web.Entity.ni.dll
+ 2012-06-13 22:49 . 2012-06-13 22:49 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\36a0e6286d72d98d39588687815731bb\System.Web.Entity.Design.ni.dll
+ 2012-06-13 22:49 . 2012-06-13 22:49 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\4167c5a7841a7d28d41c1c3729b3924c\System.Web.DynamicData.ni.dll
+ 2012-06-13 22:49 . 2012-06-13 22:49 331776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\3e3b88c0768491811650ffae55afb0cb\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-13 22:48 . 2012-06-13 22:48 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-06-13 22:49 . 2012-06-13 22:49 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-06-13 22:48 . 2012-06-13 22:48 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\b296ac056fd009b084b03fdfc9559b92\System.Drawing.Design.ni.dll
+ 2012-06-13 22:48 . 2012-06-13 22:48 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 13:59 . 2012-06-14 13:59 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\122b5ef2b93132bd770c2c5d753d73ee\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\c85b43405ac9aa403a714af716ef3c5e\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\a0abe24dff94a2fb2c27c631a45aa95f\System.Web.Entity.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\951b0d1b999b49a47fb06f4011565ffa\System.Web.Entity.Design.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\ae2121b64d021313d3c1ddd621e4d472\System.Web.DynamicData.ni.dll
+ 2012-06-14 15:53 . 2012-06-14 15:53 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\15e5acbd2196d1d4bde8466ff690aa76\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-14 13:59 . 2012-06-14 13:59 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-14 13:59 . 2012-06-14 13:59 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\0640b7fe359ea63a1799465631aa691a\System.Drawing.Design.ni.dll
+ 2012-06-14 13:59 . 2012-06-14 13:59 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-14 13:59 . 2012-06-14 13:59 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 13:59 . 2012-06-14 13:59 985600 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Wte.Serv#\cc94cd6b6c14439ac3dd574ca6dae48a\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b02ad189fc3de84d6361f0bf0cfafbf5\AspNetMMCExt.ni.dll
+ 2012-06-13 22:41 . 2012-06-13 22:41 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\0599e722d086c85c54a6dc71de5781f5\WindowsFormsIntegration.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\ecf332ee723fd33a408a00e926935c4a\TaskScheduler.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\2c66bb8492ad0ccd7c86eb204a86f16a\System.Web.Routing.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\e3ca70a436f9c8a0cb178f3fe0d15ce6\System.Web.Entity.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\4a722f8a9668af77c08a921ec5d249f2\System.Web.Entity.Design.ni.dll
+ 2012-06-13 22:45 . 2012-06-13 22:45 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\5e3e171d6b46739a8f89e2a589de1062\System.Web.DynamicData.ni.dll
+ 2012-06-13 22:44 . 2012-06-13 22:44 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\8f8685c0362ccfae34c1c958fc43bf40\System.Web.Abstractions.ni.dll
+ 2012-06-13 17:26 . 2012-06-13 17:26 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\993018172a83c2431adeb6a309aa27cf\System.ServiceProcess.ni.dll
+ 2012-06-13 22:41 . 2012-06-13 22:41 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\984398a06970ec18178ddf072de6167e\System.Messaging.ni.dll
+ 2012-06-13 17:26 . 2012-06-13 17:26 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a650d1b1ee920b0fecfe5e8342217265\System.Drawing.Design.ni.dll
+ 2012-06-13 22:44 . 2012-06-13 22:44 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\33ae5cf0b1603f19a9c66e376b4cdcda\napsnap.ni.dll
+ 2012-06-13 22:44 . 2012-06-13 22:44 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\5c28e1b5ec388ca1b62f229a068b9842\napinit.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\bf084532afc235bb8947191850be2dbd\MMCFxCommon.ni.dll
+ 2012-06-13 22:41 . 2012-06-13 22:41 789504 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Surface.T#\fdb4508bc5cfb70b41d23e181836ba80\Microsoft.Surface.TouchPack.Core.ni.dll
+ 2012-06-13 22:42 . 2012-06-13 22:42 980480 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Surface.T#\a6d7c1329df7516a7af5a8dd2f5b25b1\Microsoft.Surface.TouchApps.Globe.Presentation.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\611f809f625bafde88d989c624f5fd0f\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\390ab84a69a72771f8c15596c3918ca3\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-13 22:42 . 2012-06-13 22:42 638464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MapPoint.#\df9f6ff7c4bf72a0d07fb636e1bd4867\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2012-06-13 22:42 . 2012-06-13 22:42 612352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MapPoint.#\56692c435d1d57d31a35d6f56ff31e94\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e357bfb6a7358070a31cfb315e1094b8\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\3cbc899f004a3144820b162f339cc299\mcplayerinterop.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\1ee690ef6472178228e84214d7f136ad\mcGlidHostObj.ni.dll
+ 2012-06-13 22:43 . 2012-06-13 22:43 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bef11fb4617a18e0cdb5c7673308f0d8\EventViewer.ni.dll
+ 2012-06-13 22:42 . 2012-06-13 22:42 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\3266ef1067584da5503061cb4c694b82\ehExtHost.ni.exe
+ 2012-06-13 22:51 . 2012-06-13 22:51 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\fb63148e2e0470bd024872b158f74254\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b804c5bba192ab05a23ccea32ae89187\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aae3a0978137c800df8bbe5f1c0750da\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a45f76dd8c85babd06ce629eb999e637\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9efb50a6e15c7702bbefb8f97aba8fc7\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\947f4481c37e2ca57a8b441c92a6f14b\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6a1c11c7e141b8475ca4e97e897cfda4\WindowsLive.Writer.Api.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 890880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2d09dc3137389210ed8f9132ebd8a007\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\224edad98b7f82a1f7e180be7abbd9d9\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 780288 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1853e4dcaa17b4f63e8381ebc23496d8\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\16a1e669f50f594c1a654a9bd8d01b4e\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\150277c2fc7293ffeeadcb703c8e4520\WindowsLive.Client.ni.dll
+ 2012-06-13 21:10 . 2012-06-13 21:10 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\58b6523c5167dd748a679e8a46330c32\TaskScheduler.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e8583c3f80cd2a94f552a64b4953dde2\System.Web.Routing.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\394765924d5b924fe87103c943abc69c\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4b72a66912627a66c65ebc8ce8d82e91\System.Web.Entity.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\973d534cb631a5c9c7ea74842056332d\System.Web.Entity.Design.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c80448d686095317e9019f48572b03e0\System.Web.DynamicData.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\a5f548d874a19f075ca408ac46e57d72\System.Web.Abstractions.ni.dll
+ 2012-06-13 17:28 . 2012-06-13 17:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
+ 2012-06-13 21:10 . 2012-06-13 21:10 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll
+ 2012-06-13 17:28 . 2012-06-13 17:28 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4e3449df387e6a0680d25969da6f965a\System.Drawing.Design.ni.dll
+ 2012-06-14 13:58 . 2012-06-14 13:58 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\0e9f88f220b048e2b0d2c8e3801e1fbd\napsnap.ni.dll
+ 2012-06-14 13:57 . 2012-06-14 13:57 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\821bb293acac9e6fbb0dc69087e2a172\napinit.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1f10581674c9eb08c896e21fc1f43be4\MMCFxCommon.ni.dll
+ 2012-06-13 22:50 . 2012-06-13 22:50 771072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Surface.T#\de82797f3e553fbaf4532968a150102f\Microsoft.Surface.TouchApps.Globe.Presentation.ni.dll
+ 2012-06-13 21:10 . 2012-06-13 21:10 516608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Surface.T#\ca447bed10297c901744a06549818a9d\Microsoft.Surface.TouchPack.Core.ni.dll
+ 2012-06-13 21:10 . 2012-06-13 21:10 576512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Surface.T#\619d132948f33203b3572f820c5d9477\Microsoft.Surface.TouchApps.Globe.Controls.MapControl.ni.dll
+ 2012-06-13 21:10 . 2012-06-13 21:10 472064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\fcab2472c22dadf15eb148149697e608\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2012-06-13 22:50 . 2012-06-13 22:50 767488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cc847d6a67c4648939d49a927ac33098\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2012-06-13 21:10 . 2012-06-13 21:10 840192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ca31d127313782ee9567435a31b98218\Microsoft.MapPoint.Geometry.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\48d656cff8f1b230d2ef58f815baf677\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\49af28b21e53bc36f58c371995dfae1a\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 955392 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\c4a462027b55d7df1b7a34b69358cfad\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\491bfb35b47079843c7faecb5b67787d\EventViewer.ni.dll
+ 2012-06-13 22:51 . 2012-06-13 22:51 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\97a8bea875e2f88da466cfa59340a528\ehExtHost32.ni.exe
- 2012-04-12 00:11 . 2012-01-26 23:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 13:44 . 2012-04-23 22:37 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-11-24 14:44 . 2012-05-31 03:24 5031272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-24 14:44 . 2012-06-14 03:47 5031272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-30 05:33 . 2012-06-12 02:51 5003432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1819021239-1962948344-1292429427-1001-8192.dat
+ 2010-11-30 05:33 . 2012-06-15 02:02 5003432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1819021239-1962948344-1292429427-1001-8192.dat
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-13 13:44 . 2012-03-21 22:28 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-13 13:44 . 2012-03-21 22:29 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-10 17:27 . 2012-05-10 17:27 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-13 17:15 . 2012-06-13 17:15 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-10 17:26 . 2012-05-10 17:26 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-10 17:25 . 2012-05-10 17:25 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-13 17:16 . 2012-06-13 17:16 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-06 102400]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2011-8-22 1106432]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/24 06:08;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]

#6 gringo_pr

Malware Response Team

Posted 14 June 2012 - 09:37 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 CMariano

Topic Starter

Posted 15 June 2012 - 01:02 AM

Gringo,

I didn't have any problems running aswMBR and TDSSKiller. This last one didn't show any messages about infected or suspicious files. No rebooting requested.

See below 1-TDSSKiller report, and 2-aswMBR log

Thank you for your follow up!


23:38:53.0734 5392 FltMgr - ok
23:38:53.0874 5392 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:38:53.0890 5392 FontCache - ok
23:38:53.0952 5392 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:38:53.0952 5392 FontCache3.0.0.0 - ok
23:38:54.0015 5392 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:38:54.0015 5392 FsDepends - ok
23:38:54.0077 5392 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:38:54.0077 5392 fssfltr - ok
23:38:54.0311 5392 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:38:54.0327 5392 fsssvc - ok
23:38:54.0483 5392 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:38:54.0483 5392 Fs_Rec - ok
23:38:54.0561 5392 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:38:54.0561 5392 fvevol - ok
23:38:54.0623 5392 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:38:54.0623 5392 gagp30kx - ok
23:38:54.0701 5392 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:38:54.0701 5392 GameConsoleService - ok
23:38:54.0763 5392 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:38:54.0763 5392 GEARAspiWDM - ok
23:38:54.0873 5392 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:38:54.0873 5392 gpsvc - ok
23:38:55.0013 5392 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:38:55.0013 5392 gupdate - ok
23:38:55.0075 5392 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:38:55.0075 5392 gupdatem - ok
23:38:55.0122 5392 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:38:55.0138 5392 gusvc - ok
23:38:55.0185 5392 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:38:55.0185 5392 hcw85cir - ok
23:38:55.0216 5392 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:38:55.0231 5392 HdAudAddService - ok
23:38:55.0309 5392 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:38:55.0309 5392 HDAudBus - ok
23:38:55.0372 5392 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:38:55.0372 5392 HECIx64 - ok
23:38:55.0403 5392 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:38:55.0403 5392 HidBatt - ok
23:38:55.0434 5392 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:38:55.0434 5392 HidBth - ok
23:38:55.0481 5392 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:38:55.0481 5392 HidIr - ok
23:38:55.0497 5392 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:38:55.0512 5392 hidserv - ok
23:38:55.0559 5392 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:38:55.0559 5392 HidUsb - ok
23:38:55.0606 5392 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:38:55.0621 5392 hkmsvc - ok
23:38:55.0637 5392 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:38:55.0637 5392 HomeGroupListener - ok
23:38:55.0668 5392 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:38:55.0668 5392 HomeGroupProvider - ok
23:38:55.0809 5392 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:38:55.0824 5392 HP Support Assistant Service - ok
23:38:55.0918 5392 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
23:38:55.0918 5392 HP Wireless Assistant Service - ok
23:38:56.0011 5392 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:38:56.0011 5392 HPDrvMntSvc.exe - ok
23:38:56.0074 5392 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:38:56.0074 5392 hpdskflt - ok
23:38:56.0183 5392 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:38:56.0199 5392 hpqwmiex - ok
23:38:56.0277 5392 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:38:56.0277 5392 HpSAMD - ok
23:38:56.0323 5392 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
23:38:56.0323 5392 hpsrv - ok
23:38:56.0401 5392 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:38:56.0401 5392 HPWMISVC - ok
23:38:56.0511 5392 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:38:56.0526 5392 HTTP - ok
23:38:56.0542 5392 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:38:56.0542 5392 hwpolicy - ok
23:38:56.0604 5392 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:38:56.0604 5392 i8042prt - ok
23:38:56.0651 5392 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
23:38:56.0651 5392 iaStor - ok
23:38:56.0760 5392 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:38:56.0760 5392 IAStorDataMgrSvc - ok
23:38:56.0854 5392 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:38:56.0854 5392 iaStorV - ok
23:38:56.0979 5392 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:38:56.0979 5392 idsvc - ok
23:38:57.0743 5392 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:38:57.0946 5392 igfx - ok
23:38:58.0086 5392 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:38:58.0102 5392 iirsp - ok
23:38:58.0180 5392 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:38:58.0195 5392 IKEEXT - ok
23:38:58.0227 5392 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
23:38:58.0227 5392 Impcd - ok
23:38:58.0273 5392 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:38:58.0273 5392 intelide - ok
23:38:59.0007 5392 intelkmd (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:38:59.0116 5392 intelkmd - ok
23:38:59.0287 5392 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:38:59.0287 5392 intelppm - ok
23:38:59.0443 5392 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
23:38:59.0443 5392 IntuitUpdateService - ok
23:38:59.0537 5392 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
23:38:59.0537 5392 IntuitUpdateServiceV4 - ok
23:38:59.0599 5392 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:38:59.0599 5392 IPBusEnum - ok
23:38:59.0615 5392 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:38:59.0615 5392 IpFilterDriver - ok
23:38:59.0677 5392 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:38:59.0693 5392 iphlpsvc - ok
23:38:59.0724 5392 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:38:59.0724 5392 IPMIDRV - ok
23:38:59.0755 5392 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:38:59.0755 5392 IPNAT - ok
23:38:59.0896 5392 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:38:59.0911 5392 iPod Service - ok
23:38:59.0958 5392 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:38:59.0958 5392 IRENUM - ok
23:39:00.0021 5392 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:39:00.0021 5392 isapnp - ok
23:39:00.0067 5392 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:39:00.0067 5392 iScsiPrt - ok
23:39:00.0145 5392 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:39:00.0145 5392 kbdclass - ok
23:39:00.0192 5392 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:39:00.0208 5392 kbdhid - ok
23:39:00.0270 5392 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:39:00.0270 5392 KeyIso - ok
23:39:00.0286 5392 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:39:00.0286 5392 KSecDD - ok
23:39:00.0317 5392 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:39:00.0317 5392 KSecPkg - ok
23:39:00.0333 5392 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:39:00.0333 5392 ksthunk - ok
23:39:00.0379 5392 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:39:00.0395 5392 KtmRm - ok
23:39:00.0426 5392 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
23:39:00.0426 5392 LanmanServer - ok
23:39:00.0457 5392 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:39:00.0473 5392 LanmanWorkstation - ok
23:39:00.0535 5392 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:39:00.0535 5392 LightScribeService - ok
23:39:00.0598 5392 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:39:00.0598 5392 lltdio - ok
23:39:00.0645 5392 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:39:00.0660 5392 lltdsvc - ok
23:39:00.0676 5392 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:39:00.0676 5392 lmhosts - ok
23:39:00.0769 5392 LMS (25884ca77f8d926b69167bc231d3726e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:39:00.0769 5392 LMS - ok
23:39:00.0816 5392 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:39:00.0832 5392 LSI_FC - ok
23:39:00.0863 5392 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:39:00.0863 5392 LSI_SAS - ok
23:39:00.0894 5392 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:39:00.0894 5392 LSI_SAS2 - ok
23:39:00.0910 5392 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:39:00.0910 5392 LSI_SCSI - ok
23:39:00.0941 5392 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:39:00.0941 5392 luafv - ok
23:39:01.0019 5392 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:39:01.0019 5392 MBAMProtector - ok
23:39:01.0113 5392 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:39:01.0113 5392 MBAMService - ok
23:39:01.0159 5392 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:39:01.0159 5392 Mcx2Svc - ok
23:39:01.0284 5392 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:39:01.0284 5392 MDM - ok
23:39:01.0315 5392 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:39:01.0315 5392 megasas - ok
23:39:01.0378 5392 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:39:01.0393 5392 MegaSR - ok
23:39:01.0456 5392 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:39:01.0456 5392 Microsoft Office Groove Audit Service - ok
23:39:01.0487 5392 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:39:01.0487 5392 MMCSS - ok
23:39:01.0518 5392 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:39:01.0518 5392 Modem - ok
23:39:01.0534 5392 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:39:01.0534 5392 monitor - ok
23:39:01.0612 5392 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:39:01.0627 5392 mouclass - ok
23:39:01.0674 5392 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:39:01.0674 5392 mouhid - ok
23:39:01.0737 5392 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:39:01.0737 5392 mountmgr - ok
23:39:01.0768 5392 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:39:01.0768 5392 mpio - ok
23:39:01.0799 5392 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:39:01.0799 5392 mpsdrv - ok
23:39:01.0861 5392 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
23:39:01.0877 5392 MpsSvc - ok
23:39:01.0908 5392 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:39:01.0908 5392 MRxDAV - ok
23:39:01.0971 5392 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:39:01.0971 5392 mrxsmb - ok
23:39:02.0033 5392 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:39:02.0033 5392 mrxsmb10 - ok
23:39:02.0064 5392 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:39:02.0064 5392 mrxsmb20 - ok
23:39:02.0080 5392 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
23:39:02.0080 5392 msahci - ok
23:39:02.0127 5392 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:39:02.0127 5392 msdsm - ok
23:39:02.0158 5392 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:39:02.0158 5392 MSDTC - ok
23:39:02.0220 5392 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:39:02.0220 5392 Msfs - ok
23:39:02.0267 5392 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:39:02.0267 5392 mshidkmdf - ok
23:39:02.0283 5392 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:39:02.0283 5392 msisadrv - ok
23:39:02.0298 5392 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:39:02.0314 5392 MSiSCSI - ok
23:39:02.0314 5392 msiserver - ok
23:39:02.0361 5392 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:39:02.0361 5392 MSKSSRV - ok
23:39:02.0376 5392 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:39:02.0376 5392 MSPCLOCK - ok
23:39:02.0392 5392 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:39:02.0392 5392 MSPQM - ok
23:39:02.0423 5392 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:39:02.0439 5392 MsRPC - ok
23:39:02.0454 5392 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:39:02.0454 5392 mssmbios - ok
23:39:02.0470 5392 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:39:02.0470 5392 MSTEE - ok
23:39:02.0517 5392 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:39:02.0517 5392 MTConfig - ok
23:39:02.0548 5392 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:39:02.0548 5392 Mup - ok
23:39:02.0595 5392 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:39:02.0610 5392 napagent - ok
23:39:02.0688 5392 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:39:02.0704 5392 NativeWifiP - ok
23:39:02.0813 5392 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:39:02.0813 5392 NDIS - ok
23:39:02.0829 5392 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:39:02.0829 5392 NdisCap - ok
23:39:02.0875 5392 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:39:02.0875 5392 NdisTapi - ok
23:39:02.0891 5392 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:39:02.0891 5392 Ndisuio - ok
23:39:02.0922 5392 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:39:02.0922 5392 NdisWan - ok
23:39:02.0938 5392 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:39:02.0938 5392 NDProxy - ok
23:39:02.0985 5392 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:39:02.0985 5392 NetBIOS - ok
23:39:03.0016 5392 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:39:03.0016 5392 NetBT - ok
23:39:03.0078 5392 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:39:03.0078 5392 Netlogon - ok
23:39:03.0109 5392 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:39:03.0125 5392 Netman - ok
23:39:03.0250 5392 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:03.0250 5392 NetMsmqActivator - ok
23:39:03.0265 5392 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:03.0265 5392 NetPipeActivator - ok
23:39:03.0312 5392 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:39:03.0312 5392 netprofm - ok
23:39:03.0312 5392 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:03.0328 5392 NetTcpActivator - ok
23:39:03.0328 5392 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:03.0328 5392 NetTcpPortSharing - ok
23:39:03.0905 5392 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
23:39:03.0983 5392 NETw5s64 - ok
23:39:04.0513 5392 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:39:04.0560 5392 netw5v64 - ok
23:39:05.0247 5392 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:39:05.0340 5392 NETwNs64 - ok
23:39:05.0496 5392 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:39:05.0496 5392 nfrd960 - ok
23:39:05.0590 5392 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:39:05.0590 5392 NlaSvc - ok
23:39:05.0605 5392 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:39:05.0605 5392 Npfs - ok
23:39:05.0621 5392 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:39:05.0621 5392 nsi - ok
23:39:05.0637 5392 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:39:05.0637 5392 nsiproxy - ok
23:39:05.0793 5392 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:39:05.0808 5392 Ntfs - ok
23:39:05.0917 5392 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:39:05.0933 5392 Null - ok
23:39:05.0995 5392 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:39:05.0995 5392 nvraid - ok
23:39:06.0042 5392 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:39:06.0042 5392 nvstor - ok
23:39:06.0105 5392 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:39:06.0120 5392 nv_agp - ok
23:39:06.0245 5392 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:39:06.0245 5392 odserv - ok
23:39:06.0292 5392 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:39:06.0292 5392 ohci1394 - ok
23:39:06.0339 5392 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:39:06.0339 5392 ose - ok
23:39:06.0417 5392 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:39:06.0432 5392 p2pimsvc - ok
23:39:06.0479 5392 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:39:06.0479 5392 p2psvc - ok
23:39:06.0510 5392 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:39:06.0510 5392 Parport - ok
23:39:06.0557 5392 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
23:39:06.0573 5392 partmgr - ok
23:39:06.0588 5392 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:39:06.0604 5392 PcaSvc - ok
23:39:06.0619 5392 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:39:06.0619 5392 pci - ok
23:39:06.0682 5392 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:39:06.0682 5392 pciide - ok
23:39:06.0729 5392 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:39:06.0729 5392 pcmcia - ok
23:39:06.0744 5392 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:39:06.0744 5392 pcw - ok
23:39:06.0791 5392 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:39:06.0791 5392 PEAUTH - ok
23:39:06.0869 5392 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:39:06.0869 5392 PerfHost - ok
23:39:07.0009 5392 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:39:07.0025 5392 pla - ok
23:39:07.0119 5392 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:39:07.0119 5392 PlugPlay - ok
23:39:07.0134 5392 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:39:07.0150 5392 PNRPAutoReg - ok
23:39:07.0181 5392 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:39:07.0181 5392 PNRPsvc - ok
23:39:07.0243 5392 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:39:07.0243 5392 PolicyAgent - ok
23:39:07.0275 5392 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:39:07.0290 5392 Power - ok
23:39:07.0399 5392 PowerLabUSB (b85a16fc4aabfb6293c18893ff879366) C:\Windows\system32\DRIVERS\plusb2_0_3_NTamd64.sys
23:39:07.0399 5392 PowerLabUSB - ok
23:39:07.0477 5392 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:39:07.0477 5392 PptpMiniport - ok
23:39:07.0509 5392 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:39:07.0509 5392 Processor - ok
23:39:07.0571 5392 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
23:39:07.0571 5392 ProfSvc - ok
23:39:07.0633 5392 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:39:07.0633 5392 ProtectedStorage - ok
23:39:07.0680 5392 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:39:07.0696 5392 Psched - ok
23:39:07.0774 5392 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
23:39:07.0774 5392 PSI_SVC_2 - ok
23:39:07.0930 5392 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:39:07.0945 5392 ql2300 - ok
23:39:08.0070 5392 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:39:08.0070 5392 ql40xx - ok
23:39:08.0117 5392 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:39:08.0117 5392 QWAVE - ok
23:39:08.0133 5392 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:39:08.0133 5392 QWAVEdrv - ok
23:39:08.0148 5392 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:39:08.0148 5392 RasAcd - ok
23:39:08.0195 5392 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:39:08.0211 5392 RasAgileVpn - ok
23:39:08.0226 5392 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:39:08.0226 5392 RasAuto - ok
23:39:08.0242 5392 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:39:08.0242 5392 Rasl2tp - ok
23:39:08.0289 5392 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:39:08.0289 5392 RasMan - ok
23:39:08.0304 5392 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:39:08.0304 5392 RasPppoe - ok
23:39:08.0335 5392 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:39:08.0335 5392 RasSstp - ok
23:39:08.0367 5392 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:39:08.0367 5392 rdbss - ok
23:39:08.0382 5392 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:39:08.0398 5392 rdpbus - ok
23:39:08.0429 5392 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:39:08.0429 5392 RDPCDD - ok
23:39:08.0445 5392 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:39:08.0445 5392 RDPENCDD - ok
23:39:08.0460 5392 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:39:08.0460 5392 RDPREFMP - ok
23:39:08.0523 5392 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
23:39:08.0523 5392 RDPWD - ok
23:39:08.0569 5392 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:39:08.0585 5392 rdyboost - ok
23:39:08.0616 5392 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:39:08.0616 5392 RemoteAccess - ok
23:39:08.0647 5392 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:39:08.0647 5392 RemoteRegistry - ok
23:39:08.0710 5392 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:39:08.0710 5392 RFCOMM - ok
23:39:08.0725 5392 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:39:08.0725 5392 RpcEptMapper - ok
23:39:08.0741 5392 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:39:08.0741 5392 RpcLocator - ok
23:39:08.0788 5392 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:39:08.0803 5392 RpcSs - ok
23:39:08.0835 5392 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:39:08.0835 5392 rspndr - ok
23:39:08.0881 5392 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:39:08.0881 5392 RTL8167 - ok
23:39:08.0928 5392 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:39:08.0928 5392 SamSs - ok
23:39:08.0959 5392 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:39:08.0959 5392 sbp2port - ok
23:39:08.0991 5392 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:39:08.0991 5392 SCardSvr - ok
23:39:09.0006 5392 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:39:09.0006 5392 scfilter - ok
23:39:09.0131 5392 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:39:09.0147 5392 Schedule - ok
23:39:09.0178 5392 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:39:09.0178 5392 SCPolicySvc - ok
23:39:19.0756 5392 ============================================================
23:39:19.0756 5392 Scan finished
23:39:19.0756 5392 ============================================================
23:39:19.0771 7164 Detected object count: 0
23:39:19.0771 7164 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-14 23:41:12
-----------------------------
23:41:12.234 OS Version: Windows x64 6.1.7600
23:41:12.234 Number of processors: 4 586 0x2505
23:41:12.234 ComputerName: CARLOS-HOME UserName: Carlos
23:41:13.731 Initialize success
23:41:59.989 AVAST engine defs: 12061401
23:42:10.800 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:42:10.815 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
23:42:10.831 Disk 0 MBR read successfully
23:42:10.847 Disk 0 MBR scan
23:42:10.847 Disk 0 unknown MBR code
23:42:10.862 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:42:10.878 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 450390 MB offset 409600
23:42:10.925 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26246 MB offset 922808320
23:42:10.940 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
23:42:11.018 Disk 0 scanning C:\Windows\system32\drivers
23:42:23.093 Service scanning
23:42:55.244 Modules scanning
23:42:55.260 Disk 0 trace - called modules:
23:42:55.291 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:42:55.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a118060]
23:42:55.307 3 CLASSPNP.SYS[fffff88001b6043f] -> nt!IofCallDriver -> [0xfffffa8009f64b10]
23:42:55.322 5 hpdskflt.sys[fffff88001b07189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80080ee050]
23:42:56.726 AVAST engine scan C:\Windows
23:43:00.158 AVAST engine scan C:\Windows\system32
23:46:42.693 AVAST engine scan C:\Windows\system32\drivers
23:46:55.688 AVAST engine scan C:\Users\Carlos
01:21:58.335 AVAST engine scan C:\ProgramData
01:48:41.549 Scan finished successfully
01:51:37.627 Disk 0 MBR has been saved successfully to "C:\Users\Carlos\Desktop\MBR.dat"
01:51:37.643 The log file has been saved successfully to "C:\Users\Carlos\Desktop\aswMBR.txt"
01:53:02.307 Disk 0 MBR has been saved successfully to "C:\Users\Carlos\Desktop\MBR.dat"
01:53:02.603 The log file has been saved successfully to "C:\Users\Carlos\Desktop\aswMBR.txt"

#8 gringo_pr

  • Malware Response Team

Posted 15 June 2012 - 01:06 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 CMariano

  • Topic Starter

Posted 15 June 2012 - 10:42 AM

OK. Here it goes!


OTL logfile created on: 6/15/2012 11:23:01 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Carlos\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 74.86% Memory free
15.60 Gb Paging File | 13.11 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.83 Gb Total Space | 271.63 Gb Free Space | 61.76% Space Free | Partition Type: NTFS

Computer Name: CARLOS-HOME | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carlos\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
PRC - C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe (RPA Technology)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CLKMSVC10_C6F09094) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe (CyberLink)
SRV - (DvmMDES) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PowerLabUSB) -- C:\Windows\SysNative\drivers\plusb2_0_3_NTamd64.sys (ADInstruments)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E94CA457-CCF1-4A47-8595-66F26AA09BDD}
IE:64bit: - HKLM\..\SearchScopes\{4E52B8E7-BB81-45D5-A623-9AB632E937A3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{B6569119-DAB9-4DAC-B8F9-A40A4628E3DB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{E94CA457-CCF1-4A47-8595-66F26AA09BDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {E94CA457-CCF1-4A47-8595-66F26AA09BDD}
IE - HKLM\..\SearchScopes\{4E52B8E7-BB81-45D5-A623-9AB632E937A3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{B6569119-DAB9-4DAC-B8F9-A40A4628E3DB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{E94CA457-CCF1-4A47-8595-66F26AA09BDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://movies.netflix.com/WiHome
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes,DefaultScope = {E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes\{4E52B8E7-BB81-45D5-A623-9AB632E937A3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes\{B6569119-DAB9-4DAC-B8F9-A40A4628E3DB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z125&form=ZGAIDF&install_date=20110917&iesrc={referrer:source}
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes\{E94CA457-CCF1-4A47-8595-66F26AA09BDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {246B0AC1-31AB-4786-A4CC-A6AF89647D7F}:0.3.8
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4375
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110917&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/24 10:18:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/24 10:18:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/11/24 10:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 13:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 09:55:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/07 22:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/07 22:42:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2012/04/21 10:29:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/12/14 10:55:07 | 000,000,000 | ---D | M]

[2010/11/30 00:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Extensions
[2012/06/12 11:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions
[2011/12/09 21:32:38 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/06/12 11:34:53 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/01/16 17:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}-trash
[2010/12/05 20:31:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(83)
[2010/12/05 20:31:45 | 000,000,000 | ---D | M] (Wikipedia Lookup Add-on) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{246B0AC1-31AB-4786-A4CC-A6AF89647D7F}
[2010/12/05 20:31:45 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}(84)
[2011/09/02 23:17:12 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/06/05 11:29:00 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2010/12/05 20:31:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(89)
[2010/12/05 20:31:46 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/12/05 20:31:46 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}(90)
[2012/06/09 22:46:26 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\anttoolbar@ant.com
[2010/12/05 20:31:39 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\moveplayer@movenetworks.com
[2010/12/05 20:31:42 | 000,000,000 | ---D | M] (Saturated) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\Saturated@davidnaylor.org
[2012/03/24 16:40:10 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\testpilot@labs.mozilla.com
[2012/02/12 17:09:14 | 000,000,000 | ---D | M] () -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\xpiral@gmail.com
[2008/03/30 19:25:24 | 000,002,520 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\searchplugins\mozilla-add-ons.xml
[2012/02/15 19:03:18 | 000,002,418 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\searchplugins\s-amazon-byskipity.xml
[2012/01/17 13:12:13 | 000,002,281 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\searchplugins\s-amazon.xml
[2008/03/30 19:38:46 | 000,000,705 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\searchplugins\webster.xml
[2008/03/30 19:39:52 | 000,001,032 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\searchplugins\wikipedia-eng.xml
[2011/09/16 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/16 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/05/15 09:55:13 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/20 22:44:42 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14FBAAQ5.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[1832/11/29 00:37:17 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14FBAAQ5.DEFAULT\EXTENSIONS\TXMRQTZQTL@TXMRQTZQTL.ORG.XPI
[2012/05/07 22:42:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/07 22:42:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/07 22:42:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Angry Birds = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Lucidchart: Diagramming = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\14_0\
CHR - Extension: TV = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: Turn Off the Lights = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.98_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Full Screen Weather = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: The QR Code Generator = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.2_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Webcam Toy = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: StudyStack = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboldpjijadohjhnkadkdbonjlgbjadd\1_0\
CHR - Extension: AVG Do Not Track = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: TypingClub = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\
CHR - Extension: Cuevana Stream = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\
CHR - Extension: Cuevana Stream = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\.svn\props\.svn-work
CHR - Extension: Connected Mind = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc\1.1.5_0\

O1 HOSTS File: ([2012/06/14 22:04:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75405502-AF2D-42F4-9C02-3C12707DCAB3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 11:20:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2012/06/14 23:35:53 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Carlos\Desktop\tdsskiller.exe
[2012/06/14 22:11:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/14 22:04:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/14 21:49:14 | 004,557,483 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe
[2012/06/14 10:02:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\dds.scr
[2012/06/13 09:44:54 | 000,851,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 09:44:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 09:44:42 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/13 09:44:41 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 09:44:40 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 09:44:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/13 09:44:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 09:44:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/13 09:44:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 09:44:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/13 09:44:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/13 09:44:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/13 09:44:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/13 09:44:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 09:44:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 09:44:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/13 09:44:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/13 09:44:35 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 09:44:35 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 09:44:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 09:44:31 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 09:44:30 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 09:44:30 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 09:44:26 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 09:44:17 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 09:44:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 22:02:04 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/11 22:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/11 22:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/11 19:38:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Carlos\Desktop\aswMBR.exe
[2012/06/11 17:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/11 13:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/11 11:00:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/11 11:00:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/11 11:00:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/11 10:57:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/11 10:55:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/09 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Malwarebytes
[2012/06/09 23:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/09 23:10:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/09 23:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/09 23:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/09 22:53:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/24 19:16:14 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\TouchSmartData
[2012/05/24 19:13:46 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Documents\Avatar

========== Files - Modified Within 30 Days ==========

[2012/06/15 11:20:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2012/06/15 11:12:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 11:01:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 11:01:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 10:59:47 | 100,441,624 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/15 10:58:13 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/15 10:58:13 | 000,663,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/15 10:58:13 | 000,122,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 10:55:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819021239-1962948344-1292429427-1001UA.job
[2012/06/15 10:54:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 10:53:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 10:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 10:53:33 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 01:53:02 | 000,000,512 | ---- | M] () -- C:\Users\Carlos\Desktop\MBR.dat
[2012/06/14 23:37:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Carlos\Desktop\aswMBR.exe
[2012/06/14 23:35:54 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Carlos\Desktop\tdsskiller.exe
[2012/06/14 22:04:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/14 21:49:15 | 004,557,483 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe
[2012/06/14 10:02:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\dds.scr
[2012/06/14 09:49:28 | 000,853,862 | ---- | M] () -- C:\Users\Carlos\Desktop\SecurityCheck.exe
[2012/06/14 09:48:32 | 000,000,000 | ---- | M] () -- C:\Users\Carlos\defogger_reenable
[2012/06/13 18:04:16 | 000,423,094 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/13 16:31:44 | 000,008,704 | ---- | M] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 14:21:21 | 000,068,869 | ---- | M] () -- C:\Users\Carlos\Desktop\citioffer.JPG
[2012/06/13 13:23:06 | 000,436,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 13:22:55 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarlos.job
[2012/06/12 00:03:20 | 000,002,254 | ---- | M] () -- C:\Users\Carlos\Documents\cc_20120612_000314.reg
[2012/06/11 22:11:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/11 19:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819021239-1962948344-1292429427-1001Core.job
[2012/06/11 14:32:34 | 000,007,512 | ---- | M] () -- C:\Users\Carlos\Documents\cc_20120611_143228.reg
[2012/06/11 13:56:43 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/09 23:32:17 | 000,000,170 | ---- | M] () -- C:\Users\Carlos\AppData\Local\mv_Photo.xml
[2012/06/09 23:10:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 22:47:41 | 000,055,264 | ---- | M] () -- C:\Users\Carlos\Documents\cc_20120609_224735.reg
[2012/06/06 14:18:23 | 000,000,119 | ---- | M] () -- C:\Users\Carlos\AppData\Local\mv_music.xml
[2012/06/03 19:50:24 | 000,094,478 | ---- | M] () -- C:\Users\Carlos\Desktop\Quebeq.JPG
[2012/06/02 22:46:07 | 000,777,317 | ---- | M] () -- C:\Users\Carlos\Desktop\REGISTRATION-GUIDE-FALL-2012-4-30-12.pdf
[2012/05/19 22:43:33 | 006,144,725 | ---- | M] () -- C:\Users\Carlos\Desktop\HZ30W_English.pdf

========== Files Created - No Company Name ==========

[2012/06/15 01:51:37 | 000,000,512 | ---- | C] () -- C:\Users\Carlos\Desktop\MBR.dat
[2012/06/14 09:49:28 | 000,853,862 | ---- | C] () -- C:\Users\Carlos\Desktop\SecurityCheck.exe
[2012/06/14 09:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\defogger_reenable
[2012/06/13 14:21:21 | 000,068,869 | ---- | C] () -- C:\Users\Carlos\Desktop\citioffer.JPG
[2012/06/12 00:03:17 | 000,002,254 | ---- | C] () -- C:\Users\Carlos\Documents\cc_20120612_000314.reg
[2012/06/11 22:02:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/11 14:32:33 | 000,007,512 | ---- | C] () -- C:\Users\Carlos\Documents\cc_20120611_143228.reg
[2012/06/11 11:00:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/11 11:00:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/11 11:00:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/11 11:00:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/11 11:00:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/09 23:10:03 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 22:47:38 | 000,055,264 | ---- | C] () -- C:\Users\Carlos\Documents\cc_20120609_224735.reg
[2012/06/03 19:50:24 | 000,094,478 | ---- | C] () -- C:\Users\Carlos\Desktop\Quebeq.JPG
[2012/06/02 22:46:07 | 000,777,317 | ---- | C] () -- C:\Users\Carlos\Desktop\REGISTRATION-GUIDE-FALL-2012-4-30-12.pdf
[2012/05/19 22:37:26 | 006,144,725 | ---- | C] () -- C:\Users\Carlos\Desktop\HZ30W_English.pdf
[2012/03/23 20:22:21 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 12:08:54 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrv09.dll
[2011/07/12 12:04:48 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\RASCTRSN.DLL
[2011/05/19 12:22:21 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Local\{93EA2BE9-456D-4141-AD8A-C617C7061AFA}
[2011/05/18 10:35:41 | 000,008,704 | ---- | C] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 10:22:06 | 000,001,854 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\GhostObjGAFix.xml
[2011/02/21 01:15:26 | 000,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/02/21 01:14:13 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/01/26 17:37:31 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/26 17:37:31 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2010/12/01 02:40:23 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/01 02:19:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/29 21:00:26 | 000,000,170 | ---- | C] () -- C:\Users\Carlos\AppData\Local\mv_Photo.xml
[2010/11/29 21:00:26 | 000,000,119 | ---- | C] () -- C:\Users\Carlos\AppData\Local\mv_music.xml
[2010/11/24 10:23:05 | 000,028,672 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2010/11/24 10:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/24 09:59:42 | 000,777,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/24 09:53:08 | 000,001,122 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/11/24 09:50:46 | 000,000,316 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/24 09:50:46 | 000,000,257 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/07/21 22:25:24 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/21 19:50:03 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

< End of report >

#10 gringo_pr

Posted 15 June 2012 - 12:45 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE:64bit: - HKLM\..\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-1819021239-1962948344-1292429427-1001\..\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    [2012/05/20 22:44:42 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14FBAAQ5.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
    [1832/11/29 00:37:17 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14FBAAQ5.DEFAULT\EXTENSIONS\TXMRQTZQTL@TXMRQTZQTL.ORG.XPI
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 CMariano

Posted 15 June 2012 - 02:35 PM

Hi Gringo,

I ran the script. The computer is doing fine. OTL didn't ask me to reboot.
Yeah!!! It seems that Firefox is cleared (no more redirecting...so far I'll keep testing it later today). However, when using Chrome, the first link I click still redirects me, but the second time it goes to the correct link (!)...Vicious parasite!!! So there is something there...what do you think?
Thanks for your help again

See the OTL report below:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1819021239-1962948344-1292429427-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF24EFA-AA2D-436C-A14A-B01ECE28BB7E}\ not found.
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi moved successfully.
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\14fbaaq5.default\extensions\txmrqtzqtl@txmrqtzqtl.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Carlos\Desktop\cmd.bat deleted successfully.
C:\Users\Carlos\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Carlos
->Java cache emptied: 8008768 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: All Users

User: Carlos
->Flash cache emptied: 1408142 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06152012_150345

#12 gringo_pr

Posted 15 June 2012 - 09:38 PM

Greetings

Chrome is made differently than the other browsers, and it makes it harder for our tools to get in and make changes. I find the easiest thing to do is to uninstall it and reinstall.


I want you to uninstall Chrome, and if asked about user data or settings, to remove that also.

Restart the computer and reinstall Chrome. Check things out and let me know.


gringo

#13 CMariano

Posted 16 June 2012 - 10:34 AM

Hi Gringo,
Thank you sooooo much. Firefox is working fine -no more redirecting- and after uninstalling and reinstalling Chrome I see no more redirecting. Hurray!!
I really-really appreciate it. I made a little donation as a modest sample of appreciation.
My best regards,
CMariano

#14 gringo_pr

Posted 16 June 2012 - 12:53 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job)

Programs to remove

Bing Bar
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 CMariano

Posted 17 June 2012 - 11:30 AM

Hello Gringo,

1-I ran Revo Uninstaller and uninstalled BingBar and Java 6 Update 29 (No problems uninstalling)
2-I installed Java from the link you sent
3-Did the cleanup with CCleaner
4-Ran MBAM. See report below
5-Scanned with HijackThis. See report below. I had to do it as administrator as you said it might be needed

No problems to report. The computer is doing fine.

See reports:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.17.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Carlos :: CARLOS-HOME [administrator]

Protection: Enabled

6/17/2012 11:57:34 AM
mbam-log-2012-06-17 (11-57-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 213092
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13:11 PM, on 6/17/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17006)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://movies.netflix.com/WiHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2010/11/24 06:08:05 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15194 bytes



