Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with win32/sirefef.a Trogan


  • This topic is locked This topic is locked
21 replies to this topic

#1 unicornlas

unicornlas

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 21 June 2012 - 08:31 PM

This started with the google redirect virus when I found out I was being redirected to sites other than what was shown. I have Microsoft Security Essentials but it was shut off. I turned it on and it showed I had the win32/sirefef virus. It showed two versions. I deleted them and they would keep coming back every few minutes. I also noticed apache server httpd.exe running at ove 50%. Unfortunately I cannot remember what I did to stop these two files from constanly coming back. I know I had to reinstall Firefox to stop the google re-direct. It seemed to be okay for a few days. I also went into the registry and deleted anything in the RUN folders.

Then I got an alert from MSE saying I had the win32/sirefef.a trogan. Not paying attention, I hit remove and then noticed the path was services.exe After that my computer would constantly try to shutdown with error
Windows noticed critical issue and will restart in 1 minute. I could not get it to stop no matter what I did (like disabling it in F8 mode. I found a way to back up my data with Kaspersky Rescue disk after I made sure to scan everything. It found mdba(sp).exe and deleted that. Also said a couple programs I had (never installed) 7zip or lemon photo were infected so I deleted those.

I tried to reload system restore point but they were all deleted exept a couple days ago. I used that and when i logged on it showed MSE disable. I re-enabled it and same issue. Computer restarted after a minute.
And MSE found SIREFE.a virus with the windows/system32/services.exe

I uninstalled MSE and am now able to at least use the oomputer but am obviously still infected. Unable to use Windows Defender, Windows Firewall. I would like to try and fix this if possible. I have a DELL Laptop
so am hesitant to do a reformat/reinstall.

Please help. I followed the presteps and have the logs from ESET Online Scanner, System Look for services.exe, DDS.scr.

-----------
SystemLook 30.07.11 by jpshortstuff
Log created at 19:02 on 21/06/2012 by Lauri
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 381952 bytes [23:04 18/06/2009] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [23:03 18/06/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [23:04 18/06/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [23:03 18/06/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-

----DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lauri at 20:01:49 on 2012-06-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.1756 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Users\Lauri\Downloads\SystemLook_x64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\notepad.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bfm.bingstart.com/?cfg=2-229-0-1E2iL
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {C53FE659-316A-4F56-A194-A5BE491BE866} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DRPU Pc Data manager] "C:\Program Files (x86)\DRPU PC Data Manager\apcdm.exe" "hd"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Lauri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Lauri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: onecommunications.com\cygate
Trusted Zone: onecommunications.com\cygate2
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\Lauri\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Lauri\AppData\Local\Temp\f5tmp\InstallerControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - C:\Users\Lauri\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\Lauri\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - C:\Users\Lauri\AppData\Local\Temp\f5tmp\f5syschk.cab
DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} - C:\Users\Lauri\AppData\Local\Temp\f5tmp\urvncx.cab
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{B83A51BB-C1E8-4785-B5A7-EF5174762ABA} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {C53FE659-316A-4F56-A194-A5BE491BE866} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DRPU Pc Data manager] "C:\Program Files (x86)\DRPU PC Data Manager\apcdm.exe" "hd"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
SEH-X64: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lauri\AppData\Roaming\Mozilla\Firefox\Profiles\tw9drsbr.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lauri\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lauri\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-1-5 173296]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-26 654408]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S2 Apache2.2;Remote Access Media Server;"C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe" -k runservice --> C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dsl-db;Remote Access DB;"C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe" "--defaults-file=C:\Program Files (x86)\Common Files\Dell\MySQL\my.ini" dsl-db --> C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [?]
S2 SftService;SoftThinks Agent Service;"C:\Windows\sminst\sftservice.EXE" --> C:\Windows\sminst\sftservice.EXE [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-5-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-5-28 79360]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-18 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-5-28 79360]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-18 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-21 23:06:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-21 22:39:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 22:38:52 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-21 22:38:52 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-21 22:38:51 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 22:38:51 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 05:37:56 -------- d-----w- C:\Users\Lauri\AppData\Local\ElevatedDiagnostics
2012-06-18 20:37:40 -------- d-----w- C:\Users\Lauri\AppData\Local\Macromedia
2012-06-17 23:52:27 -------- d-----w- C:\Users\Lauri\AppData\Local\Stardock_Corporation
2012-06-17 22:08:41 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-17 21:57:38 -------- d-----w- C:\Users\Lauri\AppData\Roaming\HipSoft
2012-06-17 21:56:53 -------- d-----w- C:\Program Files (x86)\Tiger Games
2012-06-14 19:16:12 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 19:16:09 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 19:16:09 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 19:16:09 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 19:16:09 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 19:16:09 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 19:16:09 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 19:15:58 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 04:14:38 -------- d-----w- C:\Users\Lauri\AppData\Roaming\Atari
2012-06-13 04:05:28 -------- d-----w- C:\Program Files (x86)\RCT3
.
==================== Find3M ====================
.
2012-06-17 23:25:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 23:25:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-07 19:56:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 03:58:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 20:04:54.07 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 June 2012 - 03:15 PM

Hi,

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.
(you need the 64bit version)
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 22 June 2012 - 06:14 PM

thank you in advance for your help. Here is the log from FRST

Scan result of Farbar Recovery Scan Tool Version: 22-06-2012
Ran by SYSTEM at 22-06-2012 19:02:19
Running from I:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [RunDLLEntry] "C:\Windows\system32\RunDLL32.exe" C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2008-12-17] (Creative Technology Ltd.)
HKLM\...\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe" [272896 2008-08-25] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [237693 2008-12-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] "C:\Windows\UpdReg.EXE" [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe" [132392 2008-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [233304 2009-02-03] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [DRPU Pc Data manager] "C:\Program Files (x86)\DRPU PC Data Manager\apcdm.exe" "hd" [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [438403 2008-02-19] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Lauri\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Lauri\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Lauri\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-11] (SUPERAntiSpyware.com)
HKU\RA Media Server\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.159.64.23 24.247.24.53
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lauri\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lauri\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\RA Media Server\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [89600 2009-03-30] (Andrea Electronics Corporation)
2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [901120 2008-11-24] (ATI Technologies Inc.)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 hnmsvc; "C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe" [824560 2009-01-05] (Dell Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-14] (Mozilla Foundation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [189728 2010-03-10] (Protexis Inc.)
2 simptcp; C:\Windows\System32\tcpsvcs.exe [10752 2009-08-14] (Microsoft Corporation)
2 simptcp; C:\Windows\SysWow64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
2 Apache2.2; "C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe" -k runservice [x]
2 dsl-db; "C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe" "--defaults-file=C:\Program Files (x86)\Common Files\Dell\MySQL\my.ini" dsl-db [x]
2 SftService; "C:\Windows\sminst\sftservice.EXE" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [43864 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 itecir; C:\Windows\System32\Drivers\itecir.sys [67104 2010-03-08] (ITE Tech. Inc. )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
2 Packet; C:\Windows\System32\Drivers\Packet.sys [29184 2008-06-18] (SingleClick Systems)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 VPCNetS2; C:\Windows\System32\DRIVERS\VMNetSrv.sys [79416 2008-02-04] (Microsoft Corporation)
1 ifjmiugd; \??\C:\Windows\system32\drivers\ifjmiugd.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-22 14:41 - 2012-06-22 14:41 - 01424539 ____A C:\Users\Lauri\Downloads\FRST64.exe
2012-06-21 20:28 - 2012-06-21 20:28 - 00000296 ____A C:\Windows\System32\spsys.log
2012-06-21 20:20 - 2012-06-21 20:20 - 00000093 ____A C:\Users\Lauri\Desktop\Newegg.com - Monitors, LCD Monitors, Computer Monitors.URL
2012-06-21 20:19 - 2012-06-21 20:19 - 00000089 ____A C:\Users\Lauri\Desktop\Newegg.com - Intel Core i5-3570K Ivy Bridge 3.4GHz (3.8GHz Turbo) LGA 1155 77W Quad-Core Desktop Processor Intel HD Graphics.URL
2012-06-21 19:54 - 2012-06-21 19:54 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-21 19:54 - 2012-06-21 19:54 - 00001787 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-06-21 19:54 - 2012-06-21 19:54 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-21 19:54 - 2012-03-06 15:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-21 19:54 - 2012-03-06 15:04 - 00819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-21 19:54 - 2012-03-06 15:04 - 00337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-21 19:54 - 2012-03-06 15:02 - 00043864 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-06-21 19:54 - 2012-03-06 15:01 - 00069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-21 19:54 - 2012-03-06 15:01 - 00059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-21 19:54 - 2012-03-06 15:01 - 00024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-21 19:53 - 2012-06-21 19:53 - 00363754 ____A C:\Users\Lauri\Local Settings\dd_vcredistMSI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00363754 ____A C:\Users\Lauri\Local Settings\Application Data\dd_vcredistMSI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00363754 ____A C:\Users\Lauri\AppData\Local\dd_vcredistMSI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00015570 ____A C:\Users\Lauri\Local Settings\dd_vcredistUI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00015570 ____A C:\Users\Lauri\Local Settings\Application Data\dd_vcredistUI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00015570 ____A C:\Users\Lauri\AppData\Local\dd_vcredistUI5FEB.txt
2012-06-21 19:53 - 2012-03-06 15:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-21 19:52 - 2012-06-21 19:52 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-21 19:52 - 2012-06-21 19:52 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-06-21 19:52 - 2012-06-21 19:52 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-21 19:52 - 2012-03-06 15:15 - 00201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-21 19:48 - 2012-06-21 19:48 - 00001655 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-21 19:48 - 2012-06-21 19:48 - 00001655 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\Lauri\Application Data\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 19:42 - 2012-06-21 19:42 - 00004109 ____A C:\Users\Lauri\Desktop\ESET Threats.txt
2012-06-21 17:20 - 2012-06-21 17:20 - 17992224 ____A (SUPERAntiSpyware.com) C:\Users\Lauri\Downloads\SUPERAntiSpyware.exe
2012-06-21 17:16 - 2012-06-21 17:16 - 02109806 ____A C:\Users\Lauri\Downloads\tdsskiller.zip
2012-06-21 17:12 - 2012-06-21 17:14 - 74761776 ____A C:\Users\Lauri\Downloads\avast_free_antivirus_setup.exe
2012-06-21 17:05 - 2012-06-21 17:06 - 38679496 ____A (COMODO) C:\Users\Lauri\Downloads\cfw_installer_x64.exe
2012-06-21 16:19 - 2012-06-21 16:19 - 00024008 ____A C:\Users\Lauri\Desktop\DDS.txt
2012-06-21 16:18 - 2012-06-21 16:18 - 00036768 ____A C:\Users\Lauri\Desktop\Attach.txt
2012-06-21 15:58 - 2012-06-21 15:58 - 00607260 ____R (Swearware) C:\Users\Lauri\Desktop\dds.scr
2012-06-21 15:06 - 2012-06-21 15:06 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-21 15:04 - 2012-06-21 15:04 - 02322184 ____A (ESET) C:\Users\Lauri\Downloads\esetsmartinstaller_enu.exe
2012-06-21 15:01 - 2012-06-21 15:01 - 00165376 ____A C:\Users\Lauri\Downloads\SystemLook_x64.exe
2012-06-21 14:56 - 2012-06-21 14:56 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 14:56 - 2012-06-21 14:56 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 14:39 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 14:39 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 14:39 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-21 14:39 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 14:39 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 14:39 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 14:39 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-21 14:39 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 14:39 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 14:39 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-21 14:38 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 14:38 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-21 14:38 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 14:38 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-18 21:34 - 2012-06-18 21:34 - 00347424 ____A (Microsoft Corporation) C:\Users\Lauri\Downloads\MicrosoftFixit.WindowsFirewall.RNP.108263514441143446.1.1.Run.exe
2012-06-18 20:26 - 2012-06-18 20:26 - 03818105 ____A C:\Users\Lauri\Downloads\ComboFix.exe
2012-06-18 20:26 - 2012-06-18 20:26 - 00000000 ____D C:\32788R22FWJFW
2012-06-18 19:51 - 2012-06-21 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-18 19:51 - 2012-06-18 19:51 - 00000890 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-18 19:51 - 2012-06-18 19:51 - 00000890 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-06-18 19:51 - 2012-06-18 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 19:01 - 2012-06-18 19:01 - 00297562 ____A C:\Users\Lauri\bookmarks-2012-06-18.json
2012-06-18 19:00 - 2012-06-18 19:00 - 00349880 ____A C:\Users\Lauri\bookmarks.html
2012-06-18 18:52 - 2012-06-18 18:52 - 16577248 ____A (Mozilla) C:\Users\Lauri\Downloads\Firefox Setup 13.0.1.exe
2012-06-18 18:40 - 2012-06-18 18:40 - 00000222 ____A C:\Users\Lauri\Desktop\building a computer 2012 - YouTube.URL
2012-06-18 18:39 - 2012-06-18 18:39 - 00000136 ____A C:\Users\Lauri\Desktop\How to Build a Powerhouse PC Worthy of Sandy Bridge Extreme Edition PCWorld.URL
2012-06-18 18:39 - 2012-06-18 18:39 - 00000096 ____A C:\Users\Lauri\Desktop\Intel Core i5-2500K GeForce GTX 680 Build - PCPartPicker.URL
2012-06-18 18:39 - 2012-06-18 18:39 - 00000068 ____A C:\Users\Lauri\Desktop\How to Build a Computer - 2012 Version! - YouTube.URL
2012-06-18 18:38 - 2012-06-18 18:38 - 00000279 ____A C:\Users\Lauri\Desktop\YouTube - Broadcast Yourself..URL
2012-06-18 18:20 - 2012-06-03 19:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-18 17:56 - 2012-06-18 17:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Lauri\Downloads\mseinstall.exe
2012-06-18 13:29 - 2012-06-18 13:30 - 09012680 ____A (Microsoft Corporation) C:\Users\Lauri\Desktop\NDP1.1sp1-KB929729-X86.exe
2012-06-18 13:04 - 2012-06-18 13:04 - 00000124 ____A C:\Users\Lauri\Desktop\PC Building Best Practices Hardware PCWorld.URL
2012-06-18 12:37 - 2012-06-18 12:37 - 00000000 ____D C:\Users\Lauri\Local Settings\Macromedia
2012-06-18 12:37 - 2012-06-18 12:37 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\Macromedia
2012-06-18 12:37 - 2012-06-18 12:37 - 00000000 ____D C:\Users\Lauri\AppData\Local\Macromedia
2012-06-17 15:52 - 2012-06-17 15:52 - 00000000 ____D C:\Users\Lauri\Local Settings\Stardock_Corporation
2012-06-17 15:52 - 2012-06-17 15:52 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\Stardock_Corporation
2012-06-17 15:52 - 2012-06-17 15:52 - 00000000 ____D C:\Users\Lauri\AppData\Local\Stardock_Corporation
2012-06-17 14:08 - 2012-06-17 14:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-17 13:57 - 2012-06-17 13:57 - 00000000 ____D C:\Users\Lauri\Application Data\HipSoft
2012-06-17 13:57 - 2012-06-17 13:57 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\HipSoft
2012-06-17 13:56 - 2012-06-17 13:56 - 00000000 ____D C:\Program Files (x86)\Tiger Games
2012-06-16 18:27 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-16 18:27 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-16 18:27 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-16 18:27 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-16 18:27 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-16 18:27 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-16 18:27 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-16 18:27 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-16 18:27 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-16 18:27 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-16 18:27 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-16 18:27 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-16 18:27 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-16 18:27 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-16 18:27 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-16 18:27 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-16 18:27 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-16 18:27 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-16 18:27 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-16 18:27 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-16 18:27 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-16 18:27 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-16 18:27 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-16 18:27 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-16 18:27 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-16 18:27 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-16 18:27 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-16 18:27 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-16 18:03 - 2012-06-17 07:06 - 00090112 ____A C:\Users\Lauri\Downloads\RPG MasterGameList.xls
2012-06-14 11:16 - 2012-05-01 06:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 11:16 - 2012-04-23 08:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 11:16 - 2012-04-23 08:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 11:16 - 2012-04-23 08:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 11:16 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 11:16 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 11:16 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 11:15 - 2012-05-15 12:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 20:14 - 2012-06-12 20:20 - 00000000 ____D C:\Users\Lauri\My Documents\RCT3
2012-06-12 20:14 - 2012-06-12 20:20 - 00000000 ____D C:\Users\Lauri\Documents\RCT3
2012-06-12 20:14 - 2012-06-12 20:14 - 00000000 ____D C:\Users\Lauri\Application Data\Atari
2012-06-12 20:14 - 2012-06-12 20:14 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\Atari
2012-06-12 20:05 - 2012-06-12 20:13 - 00000000 ____D C:\Program Files (x86)\RCT3
2012-06-12 19:57 - 2012-06-12 19:57 - 00000000 ____D C:\Users\Lauri\Downloads\rct3
2012-06-11 15:37 - 2012-06-11 15:37 - 39483256 ____A (Apple Inc.) C:\Users\Lauri\Desktop\QuickTimeInstaller.exe
2012-06-11 14:56 - 2012-06-11 18:21 - 00000730 ____A C:\Users\Lauri\Sookie Stackhouse Books.txt
2012-06-09 00:35 - 2012-06-09 00:37 - 155934919 ____A C:\Users\Lauri\Downloads\DFInstall.zip
2012-06-09 00:35 - 2012-06-09 00:36 - 26941697 ____A C:\Users\Lauri\Downloads\Redguard_Comic.zip
2012-06-09 00:34 - 2012-06-09 00:34 - 09196300 ____A C:\Users\Lauri\Downloads\Arena106Setup.zip
2012-06-04 13:52 - 2012-06-11 16:58 - 00002044 ____A C:\Users\Lauri\Desktop\Google Chrome.lnk
2012-06-04 13:51 - 2012-06-22 13:56 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000UA.job
2012-06-04 13:51 - 2012-06-22 13:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000Core.job
2012-05-31 15:48 - 2012-05-31 15:48 - 00000142 ____A C:\Users\Lauri\Desktop\How to Build an Energy-Efficient and Quiet Gaming PC PCWorld.URL


============ 3 Months Modified Files and Folders =============

2012-06-22 19:01 - 2012-06-22 19:01 - 00000000 ____D C:\FRST
2012-06-22 14:52 - 2009-05-27 19:39 - 01443967 ____A C:\Windows\WindowsUpdate.log
2012-06-22 14:52 - 2006-11-02 07:42 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-22 14:52 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-22 14:52 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-22 14:52 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-22 14:44 - 2006-11-02 04:46 - 00769686 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-22 14:41 - 2012-06-22 14:41 - 01424539 ____A C:\Users\Lauri\Downloads\FRST64.exe
2012-06-22 13:56 - 2012-06-04 13:51 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000UA.job
2012-06-22 13:56 - 2012-06-04 13:51 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000Core.job
2012-06-22 12:36 - 2012-04-17 13:17 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-21 20:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2012-06-21 20:28 - 2012-06-21 20:28 - 00000296 ____A C:\Windows\System32\spsys.log
2012-06-21 20:28 - 2008-01-20 19:26 - 00289180 ____A C:\Windows\PFRO.log
2012-06-21 20:20 - 2012-06-21 20:20 - 00000093 ____A C:\Users\Lauri\Desktop\Newegg.com - Monitors, LCD Monitors, Computer Monitors.URL
2012-06-21 20:19 - 2012-06-21 20:19 - 00000089 ____A C:\Users\Lauri\Desktop\Newegg.com - Intel Core i5-3570K Ivy Bridge 3.4GHz (3.8GHz Turbo) LGA 1155 77W Quad-Core Desktop Processor Intel HD Graphics.URL
2012-06-21 19:54 - 2012-06-21 19:54 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-21 19:54 - 2012-06-21 19:54 - 00001787 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-06-21 19:54 - 2012-06-21 19:54 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-21 19:53 - 2012-06-21 19:53 - 00363754 ____A C:\Users\Lauri\Local Settings\dd_vcredistMSI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00363754 ____A C:\Users\Lauri\Local Settings\Application Data\dd_vcredistMSI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00363754 ____A C:\Users\Lauri\AppData\Local\dd_vcredistMSI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00015570 ____A C:\Users\Lauri\Local Settings\dd_vcredistUI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00015570 ____A C:\Users\Lauri\Local Settings\Application Data\dd_vcredistUI5FEB.txt
2012-06-21 19:53 - 2012-06-21 19:53 - 00015570 ____A C:\Users\Lauri\AppData\Local\dd_vcredistUI5FEB.txt
2012-06-21 19:52 - 2012-06-21 19:52 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-21 19:52 - 2012-06-21 19:52 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-06-21 19:52 - 2012-06-21 19:52 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-21 19:48 - 2012-06-21 19:48 - 00001655 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-21 19:48 - 2012-06-21 19:48 - 00001655 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\Lauri\Application Data\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-21 19:48 - 2012-06-21 19:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 19:42 - 2012-06-21 19:42 - 00004109 ____A C:\Users\Lauri\Desktop\ESET Threats.txt
2012-06-21 18:32 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2012-06-21 18:32 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
2012-06-21 18:32 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2012-06-21 18:32 - 2006-11-02 04:33 - 77856768 ____A C:\Windows\System32\config\software_previous
2012-06-21 18:32 - 2006-11-02 04:33 - 17301504 ____A C:\Windows\System32\config\system_previous
2012-06-21 18:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-06-21 18:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-06-21 17:38 - 2009-11-18 13:50 - 00000000 ____D C:\Users\Lauri\My Documents\Storage
2012-06-21 17:38 - 2009-11-18 13:50 - 00000000 ____D C:\Users\Lauri\Documents\Storage
2012-06-21 17:35 - 2010-01-31 16:15 - 00000000 ____D C:\Users\Lauri\Cisco
2012-06-21 17:20 - 2012-06-21 17:20 - 17992224 ____A (SUPERAntiSpyware.com) C:\Users\Lauri\Downloads\SUPERAntiSpyware.exe
2012-06-21 17:16 - 2012-06-21 17:16 - 02109806 ____A C:\Users\Lauri\Downloads\tdsskiller.zip
2012-06-21 17:14 - 2012-06-21 17:12 - 74761776 ____A C:\Users\Lauri\Downloads\avast_free_antivirus_setup.exe
2012-06-21 17:06 - 2012-06-21 17:05 - 38679496 ____A (COMODO) C:\Users\Lauri\Downloads\cfw_installer_x64.exe
2012-06-21 16:19 - 2012-06-21 16:19 - 00024008 ____A C:\Users\Lauri\Desktop\DDS.txt
2012-06-21 16:18 - 2012-06-21 16:18 - 00036768 ____A C:\Users\Lauri\Desktop\Attach.txt
2012-06-21 16:14 - 2010-07-17 01:16 - 00000000 ____D C:\Users\Lauri\!!!New Stuff
2012-06-21 15:58 - 2012-06-21 15:58 - 00607260 ____R (Swearware) C:\Users\Lauri\Desktop\dds.scr
2012-06-21 15:52 - 2010-02-15 16:52 - 00000000 ____D C:\Program Files (x86)\Visual CertExam Suite
2012-06-21 15:06 - 2012-06-21 15:06 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-21 15:04 - 2012-06-21 15:04 - 02322184 ____A (ESET) C:\Users\Lauri\Downloads\esetsmartinstaller_enu.exe
2012-06-21 15:02 - 2012-06-18 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-21 15:01 - 2012-06-21 15:01 - 00165376 ____A C:\Users\Lauri\Downloads\SystemLook_x64.exe
2012-06-21 14:56 - 2012-06-21 14:56 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 14:56 - 2012-06-21 14:56 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 14:56 - 2010-10-26 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 14:50 - 2011-01-26 16:13 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-21 14:37 - 2006-11-02 07:27 - 00154175 ____A C:\Windows\setupact.log
2012-06-21 14:35 - 2010-11-26 20:56 - 00000000 ____D C:\users\RA Media Server
2012-06-21 14:35 - 2009-06-04 18:22 - 00000000 ____D C:\users\Lauri
2012-06-21 14:27 - 2006-11-02 04:33 - 55312384 ____A C:\Windows\System32\config\components_previous
2012-06-21 14:27 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
2012-06-21 10:12 - 2009-07-20 20:45 - 00000000 ____D C:\My Web Sites
2012-06-21 10:09 - 2009-05-28 03:03 - 00000000 ____D C:\DELL
2012-06-20 16:58 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\system
2012-06-20 03:30 - 2012-03-28 12:45 - 00000000 ____D C:\Windows\pss
2012-06-20 03:28 - 2009-06-04 18:22 - 00006944 ____A C:\Users\Lauri\Local Settings\d3d9caps.dat
2012-06-20 03:28 - 2009-06-04 18:22 - 00006944 ____A C:\Users\Lauri\Local Settings\Application Data\d3d9caps.dat
2012-06-20 03:28 - 2009-06-04 18:22 - 00006944 ____A C:\Users\Lauri\AppData\Local\d3d9caps.dat
2012-06-18 21:34 - 2012-06-18 21:34 - 00347424 ____A (Microsoft Corporation) C:\Users\Lauri\Downloads\MicrosoftFixit.WindowsFirewall.RNP.108263514441143446.1.1.Run.exe
2012-06-18 20:26 - 2012-06-18 20:26 - 03818105 ____A C:\Users\Lauri\Downloads\ComboFix.exe
2012-06-18 20:26 - 2012-06-18 20:26 - 00000000 ____D C:\32788R22FWJFW
2012-06-18 19:51 - 2012-06-18 19:51 - 00000890 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-18 19:51 - 2012-06-18 19:51 - 00000890 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-06-18 19:51 - 2012-06-18 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 19:04 - 2010-08-31 16:02 - 00790958 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-18 19:01 - 2012-06-18 19:01 - 00297562 ____A C:\Users\Lauri\bookmarks-2012-06-18.json
2012-06-18 19:00 - 2012-06-18 19:00 - 00349880 ____A C:\Users\Lauri\bookmarks.html
2012-06-18 18:52 - 2012-06-18 18:52 - 16577248 ____A (Mozilla) C:\Users\Lauri\Downloads\Firefox Setup 13.0.1.exe
2012-06-18 18:43 - 2011-11-19 09:03 - 00000000 ____D C:\Users\RA Media Server\Local Settings\CrashDumps
2012-06-18 18:43 - 2011-11-19 09:03 - 00000000 ____D C:\Users\RA Media Server\Local Settings\Application Data\CrashDumps
2012-06-18 18:43 - 2011-11-19 09:03 - 00000000 ____D C:\Users\RA Media Server\AppData\Local\CrashDumps
2012-06-18 18:40 - 2012-06-18 18:40 - 00000222 ____A C:\Users\Lauri\Desktop\building a computer 2012 - YouTube.URL
2012-06-18 18:39 - 2012-06-18 18:39 - 00000136 ____A C:\Users\Lauri\Desktop\How to Build a Powerhouse PC Worthy of Sandy Bridge Extreme Edition PCWorld.URL
2012-06-18 18:39 - 2012-06-18 18:39 - 00000096 ____A C:\Users\Lauri\Desktop\Intel Core i5-2500K GeForce GTX 680 Build - PCPartPicker.URL
2012-06-18 18:39 - 2012-06-18 18:39 - 00000068 ____A C:\Users\Lauri\Desktop\How to Build a Computer - 2012 Version! - YouTube.URL
2012-06-18 18:38 - 2012-06-18 18:38 - 00000279 ____A C:\Users\Lauri\Desktop\YouTube - Broadcast Yourself..URL
2012-06-18 18:15 - 2011-11-20 03:57 - 00000000 ____D C:\Users\Lauri\Local Settings\CrashDumps
2012-06-18 18:15 - 2011-11-20 03:57 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\CrashDumps
2012-06-18 18:15 - 2011-11-20 03:57 - 00000000 ____D C:\Users\Lauri\AppData\Local\CrashDumps
2012-06-18 17:56 - 2012-06-18 17:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Lauri\Downloads\mseinstall.exe
2012-06-18 13:30 - 2012-06-18 13:29 - 09012680 ____A (Microsoft Corporation) C:\Users\Lauri\Desktop\NDP1.1sp1-KB929729-X86.exe
2012-06-18 13:05 - 2012-04-17 13:17 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-18 13:04 - 2012-06-18 13:04 - 00000124 ____A C:\Users\Lauri\Desktop\PC Building Best Practices Hardware PCWorld.URL
2012-06-18 12:37 - 2012-06-18 12:37 - 00000000 ____D C:\Users\Lauri\Local Settings\Macromedia
2012-06-18 12:37 - 2012-06-18 12:37 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\Macromedia
2012-06-18 12:37 - 2012-06-18 12:37 - 00000000 ____D C:\Users\Lauri\AppData\Local\Macromedia
2012-06-17 15:52 - 2012-06-17 15:52 - 00000000 ____D C:\Users\Lauri\Local Settings\Stardock_Corporation
2012-06-17 15:52 - 2012-06-17 15:52 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\Stardock_Corporation
2012-06-17 15:52 - 2012-06-17 15:52 - 00000000 ____D C:\Users\Lauri\AppData\Local\Stardock_Corporation
2012-06-17 15:25 - 2012-04-11 20:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-17 15:25 - 2012-03-26 16:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-17 15:22 - 2006-11-02 07:21 - 00376488 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 15:18 - 2010-07-25 13:00 - 00000000 ____D C:\Users\Lauri\Application Data\BitTorrent
2012-06-17 15:18 - 2010-07-25 13:00 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\BitTorrent
2012-06-17 14:08 - 2012-06-17 14:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-17 13:57 - 2012-06-17 13:57 - 00000000 ____D C:\Users\Lauri\Application Data\HipSoft
2012-06-17 13:57 - 2012-06-17 13:57 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\HipSoft
2012-06-17 13:56 - 2012-06-17 13:56 - 00000000 ____D C:\Program Files (x86)\Tiger Games
2012-06-17 13:54 - 2010-07-25 13:02 - 00000000 ____D C:\Users\Lauri\!Bit Torrent Files
2012-06-17 13:50 - 2010-10-03 09:50 - 00000000 ____D C:\Users\Lauri\Books
2012-06-17 10:59 - 2012-01-28 21:34 - 00000000 ____D C:\Users\Lauri\My Documents\My Library
2012-06-17 10:59 - 2012-01-28 21:34 - 00000000 ____D C:\Users\Lauri\Documents\My Library
2012-06-17 07:06 - 2012-06-16 18:03 - 00090112 ____A C:\Users\Lauri\Downloads\RPG MasterGameList.xls
2012-06-12 20:20 - 2012-06-12 20:14 - 00000000 ____D C:\Users\Lauri\My Documents\RCT3
2012-06-12 20:20 - 2012-06-12 20:14 - 00000000 ____D C:\Users\Lauri\Documents\RCT3
2012-06-12 20:14 - 2012-06-12 20:14 - 00000000 ____D C:\Users\Lauri\Application Data\Atari
2012-06-12 20:14 - 2012-06-12 20:14 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\Atari
2012-06-12 20:13 - 2012-06-12 20:05 - 00000000 ____D C:\Program Files (x86)\RCT3
2012-06-12 19:57 - 2012-06-12 19:57 - 00000000 ____D C:\Users\Lauri\Downloads\rct3
2012-06-11 18:21 - 2012-06-11 14:56 - 00000730 ____A C:\Users\Lauri\Sookie Stackhouse Books.txt
2012-06-11 16:58 - 2012-06-04 13:52 - 00002044 ____A C:\Users\Lauri\Desktop\Google Chrome.lnk
2012-06-11 15:37 - 2012-06-11 15:37 - 39483256 ____A (Apple Inc.) C:\Users\Lauri\Desktop\QuickTimeInstaller.exe
2012-06-09 00:37 - 2012-06-09 00:35 - 155934919 ____A C:\Users\Lauri\Downloads\DFInstall.zip
2012-06-09 00:36 - 2012-06-09 00:35 - 26941697 ____A C:\Users\Lauri\Downloads\Redguard_Comic.zip
2012-06-09 00:34 - 2012-06-09 00:34 - 09196300 ____A C:\Users\Lauri\Downloads\Arena106Setup.zip
2012-06-05 11:31 - 2009-08-17 10:01 - 00000759 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-04 13:53 - 2009-06-09 05:23 - 00000000 ____D C:\Users\Lauri\Application Data\Apple Computer
2012-06-04 13:53 - 2009-06-09 05:23 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\Apple Computer
2012-06-04 13:52 - 2011-07-20 13:32 - 00000000 ____D C:\Users\Lauri\Local Settings\Google
2012-06-04 13:52 - 2011-07-20 13:32 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\Google
2012-06-04 13:52 - 2011-07-20 13:32 - 00000000 ____D C:\Users\Lauri\AppData\Local\Google
2012-06-03 19:35 - 2012-06-18 18:20 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-03 19:28 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 14:19 - 2012-06-21 14:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 14:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 14:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 14:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 14:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 14:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 14:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-21 14:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 14:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 14:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 11:19 - 2012-06-21 14:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:19 - 2012-06-21 14:38 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 14:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 11:12 - 2012-06-21 14:38 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-01 13:02 - 2009-05-28 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-31 15:48 - 2012-05-31 15:48 - 00000142 ____A C:\Users\Lauri\Desktop\How to Build an Energy-Efficient and Quiet Gaming PC PCWorld.URL
2012-05-17 18:47 - 2012-06-16 18:27 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-16 18:27 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-16 18:27 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-16 18:27 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-16 18:27 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-16 18:27 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-16 18:27 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-16 18:27 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-16 18:27 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-16 18:27 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-16 18:27 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-16 18:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-16 18:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-16 18:27 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-16 18:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-16 18:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-16 18:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-16 18:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-16 18:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-16 18:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-16 18:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-16 18:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-16 18:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-16 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-16 18:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-16 18:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-16 18:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 12:15 - 2012-06-14 11:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 14:19 - 2012-05-06 13:22 - 00000000 ____D C:\Program Files (x86)\hpmonitor
2012-05-10 14:18 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-05-10 14:18 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 11:26 - 2012-05-09 11:26 - 00000000 ____D C:\Users\Lauri\My Documents\Homepage
2012-05-09 11:26 - 2012-05-09 11:26 - 00000000 ____D C:\Users\Lauri\Documents\Homepage
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\Lauri\Local Settings\GlobalSCAPE
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\GlobalSCAPE
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\Lauri\Application Data\GlobalSCAPE
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\GlobalSCAPE
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\Lauri\AppData\Local\GlobalSCAPE
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\All Users\GlobalSCAPE
2012-05-09 06:08 - 2012-05-09 06:08 - 00000000 ____D C:\Users\All Users\Application Data\GlobalSCAPE
2012-05-09 06:06 - 2012-05-09 06:06 - 00001843 ____A C:\Users\Public\Desktop\CuteFTP 8 Home.lnk
2012-05-09 06:06 - 2012-05-09 06:06 - 00001843 ____A C:\Users\All Users\Desktop\CuteFTP 8 Home.lnk
2012-05-09 06:06 - 2012-05-09 06:06 - 00000000 ____D C:\Program Files (x86)\GlobalSCAPE
2012-05-09 06:06 - 2009-05-28 00:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-09 06:05 - 2012-05-09 06:04 - 16908016 ____A (GlobalSCAPE, Inc. ) C:\Users\Lauri\Downloads\CuteFTP.exe
2012-05-09 05:59 - 2012-05-09 05:59 - 00287147 ____A C:\Users\Lauri\Downloads\Brothersoft_downloader_For_CuteFTP.exe
2012-05-09 05:57 - 2012-05-09 05:54 - 01323968 ____A C:\Users\Lauri\Downloads\FileZilla_3.5.3_win32.zip
2012-05-07 11:56 - 2012-05-07 11:56 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-06 13:48 - 2012-05-06 13:48 - 00029816 ____A C:\Users\Lauri\Downloads\pwd_view.zip
2012-05-06 13:31 - 2012-05-06 13:31 - 00000000 ____D C:\Users\Public\Documents\PC DM Files
2012-05-06 13:31 - 2012-05-06 13:31 - 00000000 ____D C:\Users\All Users\Documents\PC DM Files
2012-05-06 13:28 - 2012-05-06 13:21 - 00000000 ____D C:\Users\Lauri\Application Data\Asterisks Password Viewer
2012-05-06 13:28 - 2012-05-06 13:21 - 00000000 ____D C:\Users\Lauri\AppData\Roaming\Asterisks Password Viewer
2012-05-06 13:26 - 2012-01-23 13:49 - 00000000 ____D C:\Program Files (x86)\SlimComputer
2012-05-03 17:29 - 2012-05-03 17:29 - 00000154 ____A C:\Users\Lauri\Desktop\The Best Free Software, Mobile Apps, and Web Services, 2012 Edition PCWorld.URL
2012-05-03 17:29 - 2012-05-03 17:29 - 00000145 ____A C:\Users\Lauri\Desktop\The 12 Best Free Entertainment Services and Apps of 2012 PCWorld.URL
2012-05-03 17:29 - 2012-05-03 17:29 - 00000116 ____A C:\Users\Lauri\Desktop\Diablo III Beta Impressions PCWorld.URL
2012-05-01 06:29 - 2012-06-14 11:16 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-29 10:09 - 2012-01-10 16:34 - 00001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-29 10:09 - 2012-01-10 16:34 - 00001919 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-26 07:24 - 2012-04-26 07:24 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-26 07:24 - 2012-04-26 07:24 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-04-23 08:25 - 2012-06-14 11:16 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:25 - 2012-06-14 11:16 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:25 - 2012-06-14 11:16 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 08:00 - 2012-06-14 11:16 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 08:00 - 2012-06-14 11:16 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 08:00 - 2012-06-14 11:16 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-18 14:58 - 2012-04-18 14:58 - 00173371 ____A C:\Users\Lauri\Downloads\butterfly.gif
2012-04-17 13:17 - 2011-05-25 13:39 - 00000000 ____D C:\Program Files\Dell Support Center
2012-04-14 15:01 - 2012-04-14 15:01 - 00381248 ____A C:\Users\Lauri\Downloads\Moonstruck_Masness.LIT
2012-04-14 14:58 - 2012-04-14 14:58 - 00414404 ____A C:\Users\Lauri\Downloads\Moonstruck_Masness.epub
2012-04-12 19:58 - 2012-04-12 19:58 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-12 19:58 - 2012-04-12 19:58 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-12 19:58 - 2012-04-12 19:58 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-12 19:58 - 2010-04-19 10:41 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-09 00:56 - 2009-06-06 08:19 - 00000000 ____D C:\Users\Lauri\Local Settings\Microsoft Games
2012-04-09 00:56 - 2009-06-06 08:19 - 00000000 ____D C:\Users\Lauri\Local Settings\Application Data\Microsoft Games
2012-04-09 00:56 - 2009-06-06 08:19 - 00000000 ____D C:\Users\Lauri\AppData\Local\Microsoft Games
2012-04-04 11:56 - 2010-10-26 15:31 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:22 - 2012-05-09 23:44 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 04:45 - 2012-05-09 23:44 - 01422720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 02:40 - 2012-03-30 01:32 - 00000000 ____D C:\Users\Lauri\Downloads\Sega Emulator
2012-03-30 00:32 - 2012-03-30 00:32 - 01392000 ____A C:\Users\Lauri\Downloads\Rainmeter-2.2.exe
2012-03-30 00:30 - 2012-03-30 00:30 - 01857786 ____A C:\Users\Lauri\Downloads\ProcessExplorer.zip
2012-03-29 06:22 - 2012-05-09 23:44 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-03-28 12:45 - 2012-03-28 12:44 - 00000000 ____D C:\Users\Lauri\Process Viewer
2012-03-28 12:23 - 2012-03-28 12:22 - 00383259 ____A C:\Users\Lauri\Downloads\PrcView_5_2_15.zip
2012-03-26 16:43 - 2012-03-26 16:43 - 00000000 ____D C:\Users\Lauri\Downloads\fp_10.3.183.16_archive
2012-03-26 16:24 - 2012-03-26 16:18 - 70605827 ____A C:\Users\Lauri\Downloads\fp_10.3.183.16_archive.zip
2012-03-26 16:20 - 2012-03-26 16:20 - 00466080 ____A (Adobe Systems, Inc.) C:\Users\Lauri\Downloads\uninstall_flash_player_64bit.exe

ZeroAccess:
C:\Windows\Installer\{92cd4083-be9f-95ae-bd33-fa0d03fb25ea}
C:\Windows\Installer\{92cd4083-be9f-95ae-bd33-fa0d03fb25ea}\@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-06-18 15:04] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4059.98 MB
Available physical RAM: 3629.21 MB
Total Pagefile: 3933.62 MB
Available Pagefile: 3609.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:282.94 GB) (Free:66.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive i: () (Removable) (Total:7.47 GB) (Free:2.57 GB) FAT32
5 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:6.6 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7664 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 149 MB 32 KB
Partition 2 Primary 15 GB 150 MB
Partition 3 Primary 283 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 149 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 X RECOVERY NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7656 MB 22 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 I FAT32 Removable 7656 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-22 12:23

======================= End Of Log ==========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 June 2012 - 07:23 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
HKLM\...\Run: [] [x]
1 ifjmiugd; \??\C:\Windows\system32\drivers\ifjmiugd.sys [x]
C:\Windows\system32\drivers\ifjmiugd.sys 
C:\Windows\Installer\{92cd4083-be9f-95ae-bd33-fa0d03fb25ea}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 22 June 2012 - 08:25 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-06-2012
Ran by SYSTEM at 2012-06-22 21:18:46 Run:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
ifjmiugd service deleted successfully.
C:\Windows\system32\drivers\ifjmiugd.sys not found.
C:\Windows\Installer\{92cd4083-be9f-95ae-bd33-fa0d03fb25ea} moved successfully.

==== End of Fixlog ====

Running combofix now

#6 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 22 June 2012 - 09:38 PM

Ran into a couple problems. When I first ran combofix it said it could not name the files combofix(1) and stopped. So I just reran it.

It showed that services.exe was infected which I sorta new from my original post. What I dont get is why no other anti-virus, malware program etc found it.

Anyway, after it finished it listed files deleted and rebooted. Unfortunately my virus program kicked in and gave me a message saying I had the win32/sirefef.PL rootkit virus and I saw COMBO FIX inthe path.
here is what history shows: Filename of C:\\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Also with GAC_64

Once COMBOFIX finished I went to open my mail and got a blue screen with this info:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 19
BCP1: 0000000000000020
BCP2: FFFFFA8001192230
BCP3: FFFFFA8001192240
BCP4: 0000000004010553
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1


----------

Here is the COMBFIX Log

ComboFix 12-06-21.03 - Lauri 06/22/2012 21:41:15.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2473 [GMT -4:00]
Running from: c:\users\Lauri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lauri\AppData\Local\Temp\ppcrlui_2496_2
c:\users\Lauri\GoToAssistDownloadHelper.exe
c:\users\Lauri\winxpvirtualcdcontrolpanel_21.exe
c:\users\Public\invokesi.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\XSxS
D:\Autorun.inf
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 03:01 . 2012-06-23 03:03 -------- d-----w- C:\FRST
2012-06-23 02:05 . 2012-06-23 02:10 -------- d-----w- c:\users\Lauri\AppData\Local\temp
2012-06-23 02:05 . 2012-06-23 02:05 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-06-23 02:05 . 2012-06-23 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 03:54 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-22 03:54 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-22 03:54 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-22 03:54 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-22 03:54 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-22 03:54 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-22 03:54 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 03:53 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-22 03:52 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-22 03:52 . 2012-06-22 03:52 -------- d-----w- c:\programdata\AVAST Software
2012-06-22 03:52 . 2012-06-22 03:52 -------- d-----w- c:\program files\AVAST Software
2012-06-22 03:48 . 2012-06-22 03:48 -------- d-----w- c:\users\Lauri\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 03:48 . 2012-06-22 03:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 03:48 . 2012-06-22 03:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-21 23:06 . 2012-06-21 23:06 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 22:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 22:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 22:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:38 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 22:38 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-21 22:38 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:38 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 05:37 . 2012-06-19 05:37 -------- d-----w- c:\users\Lauri\AppData\Local\ElevatedDiagnostics
2012-06-19 03:51 . 2012-06-19 03:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-18 20:37 . 2012-06-18 20:37 -------- d-----w- c:\users\Lauri\AppData\Local\Macromedia
2012-06-17 23:52 . 2012-06-17 23:52 -------- d-----w- c:\users\Lauri\AppData\Local\Stardock_Corporation
2012-06-17 22:08 . 2012-06-17 22:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-17 21:57 . 2012-06-17 21:57 -------- d-----w- c:\users\Lauri\AppData\Roaming\HipSoft
2012-06-17 21:56 . 2012-06-17 21:56 -------- d-----w- c:\program files (x86)\Tiger Games
2012-06-14 19:16 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:16 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 19:16 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 19:16 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 19:16 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 19:16 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 19:16 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 19:15 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:14 . 2012-06-13 04:14 -------- d-----w- c:\users\Lauri\AppData\Roaming\Atari
2012-06-13 04:05 . 2012-06-13 04:13 -------- d-----w- c:\program files (x86)\RCT3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 23:25 . 2012-04-12 04:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 23:25 . 2012-03-27 00:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 19:56 . 2012-05-07 19:56 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 03:58 . 2010-04-19 18:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2010-10-26 23:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-10 07:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-10 07:44 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:22 . 2012-05-10 07:44 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-12-09 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Lauri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-8-5 576000]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000Core.job
- c:\users\Lauri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 21:51]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000UA.job
- c:\users\Lauri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 21:51]
.
2012-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bfm.bingstart.com/?cfg=2-229-0-1E2iL
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: onecommunications.com\cygate
Trusted Zone: onecommunications.com\cygate2
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} - c:\users\Lauri\AppData\Local\Temp\f5tmp\urvncx.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Lauri\AppData\Roaming\Mozilla\Firefox\Profiles\tw9drsbr.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DRPU Pc Data manager - c:\program files (x86)\DRPU PC Data Manager\apcdm.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
WebBrowser-{C53FE659-316A-4F56-A194-A5BE491BE866} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MetaFrame Presentation Server Web Client for Win32 - c:\windows\system32\ctxsetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-349142545-3791892292-1772479833-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{73BCAF07-ACDA-1E45-7D74-B1EF82C49456}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-06-22 22:18:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 02:18
.
Pre-Run: 70,432,284,672 bytes free
Post-Run: 70,151,647,232 bytes free
.
- - End Of File - - 46B1E3958E9798C5CDCDE0595757FE91

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 June 2012 - 09:43 PM

we need to find a replacement for services.exe as ComboFix isn't finding one on your system, so let's have a look with another tool



Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *Services*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 22 June 2012 - 10:00 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:52 on 22/06/2012 by Lauri
Administrator - Elevation successful

========== filefind ==========

Searching for "*Services*"
C:\PerfLogs\System\Diagnostics\20120319-0001\System Services.xml --a---- 461839 bytes [20:58 19/03/2012] [20:58 19/03/2012] FE10DD68FDDAC2E9731B65095CFEC7A9
C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png --a---- 1509 bytes [19:04 10/04/2012] [19:04 10/04/2012] F4EC3ABEAE15FA9BB42D721E9D543F44
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll --a---- 294912 bytes [01:08 06/12/2008] [01:08 06/12/2008] 6725755F6952A08C45EC8AFBC3507042
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll --a---- 114688 bytes [03:49 30/07/2008] [03:49 30/07/2008] FB28081EC9E455C08D1F42A5265F8B4C
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll --a---- 442368 bytes [01:08 06/12/2008] [01:08 06/12/2008] 051E5E510E1A549431FBD74C6C45EEE2
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll --a---- 286720 bytes [03:49 30/07/2008] [03:49 30/07/2008] 8AB397357E4CE2B49C11A5D43B091BD0
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll --a---- 479232 bytes [03:49 30/07/2008] [03:49 30/07/2008] F1C6D0AB8F9CD827BB6AC06514307926
C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt --a---- 1665878 bytes [23:03 18/06/2009] [18:41 18/02/2009] 532ED87BB64CF19C58AE0F91FA439983
C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt --a---- 1445430 bytes [23:03 18/06/2009] [18:41 18/02/2009] 51B31EB324CB5C6936D7A14D49B0BD67
C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt --a---- 1810352 bytes [23:03 18/06/2009] [18:41 18/02/2009] 6D2BE04D9605C2D479E3CD205C406D7C
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe --a---- 59240 bytes [17:22 23/02/2012] [17:22 23/02/2012] 490AFE9936155466526202C56BD9605E
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices_main.dll --a---- 169832 bytes [17:22 23/02/2012] [17:22 23/02/2012] 215DF8CD10EAE15BD8E8F662DAAE9BD0
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\ar.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] B5934D30476A8EE2D9D9212A4E64869E
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\ca.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] BD1013EC65C62B03A1E5B91D807CA7BC
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\cs.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 182A7B6189DEF335C8C9695D8F273692
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\da.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 7D09BA9C634B9253EC9A61BB434378AB
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\de.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] 5A7926CEFDD8FA1A7BD4A0B9DE92C849
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\el.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] 3408CE28EE79AAE29846A20B9A2D2ED1
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\en.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:22 23/02/2012] [17:22 23/02/2012] 24EF7B848C75091C30B023A86FEB8383
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\es.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] 6697EDEBD182A2F6DB0DBA20445F1FC3
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\fi.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] C719D3CC5E862389F524C5B0D3626BF1
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\fr.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] AFDD7E6D40962551C26526127FAC9E22
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\he.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 06D691B90D0B4D67889FB83FE4E53862
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\hr.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] B887C7DA2087D1D5C5B7189CE2585AE2
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\hu.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] F7C00E1E6012B68C66E8FA34A77BD8BC
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\it.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] 557F06CAE1BE43EEA9636AEEFB738D4B
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\ja.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 1A9282A591C7BB4A1814B92B527CFC5C
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\ko.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] B8DCED4292FEF500057CF01821A59077
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\nb.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] FF8193562A0B8D18FDDAE7D4560E19E1
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\nl.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] 0CDE16A6B5CF5C395E56B2662FE6DA6A
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\pl.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] B0ED5C44B51641331EB4391C5DC1DC36
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\pt.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] DFFFA63650D8320AC6683EC550E353A4
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\pt_PT.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] CE9E365AA0BD7BCB0E768E65910454BE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\ro.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] E46F6B38B7358A9F653E9965FBD21D00
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\ru.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] CFE55379DA990CC373B5A3AD2A845E3E
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\sk.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 129D85B120263DBF1EEB84F1B241EE57
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\sv.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 1C01232DA9DDC1353529CF7E5DDCDB20
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\th.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] B1BEA1326EB614843F44986C3419E021
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\tr.lproj\iCloudServicesLocalized.dll --a---- 116584 bytes [17:23 23/02/2012] [17:23 23/02/2012] 592A7B901896B794053AB1D27E805EE0
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\uk.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] ED533E4F67FF38B8E38859724FBB19F1
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\zh_CN.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 3A03D5487083EEC80DB19DF592C565EB
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\zh_TW.lproj\iCloudServicesLocalized.dll --a---- 112488 bytes [17:23 23/02/2012] [17:23 23/02/2012] 3B994649164A4318ADE2E8F53F06E1BE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServices.dll --a---- 1623912 bytes [15:32 15/02/2012] [15:32 15/02/2012] 6D304C8AE9EF67197908B43F9C21F5D5
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServicesUI.dll --a---- 153448 bytes [15:32 15/02/2012] [15:32 15/02/2012] 7D7AA6C3BC5C9A2CC025A5008910856B
C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Languages\EN\Help\Corel_Support_Services.html --a---- 6462 bytes [05:37 28/06/2011] [05:37 28/06/2011] 8B426723E26DCB2BAC3A2A09A411B28D
C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Python Libraries\Lib\plat-mac\Carbon\LaunchServices.py --a---- 2594 bytes [19:16 18/07/2004] [19:16 18/07/2004] 1D573F0DC66FF157A7A5290799C50A6D
C:\Program Files (x86)\Microsoft\BingBar\apps\facebook\7.0.822\service\FBSharedServices.js --a---- 1354 bytes [09:02 10/05/2011] [09:02 10/05/2011] C34FD4A3B3C3E27F2834733FAC1E61C1
C:\Program Files (x86)\Microsoft\BingBar\apps\facebook\7.0.822\service\FBSharedServicesSettings.js --a---- 785 bytes [19:12 07/06/2011] [19:12 07/06/2011] 46F89E3BDF6FE34196076AC8853584E2
C:\Program Files (x86)\Microsoft\BingBar\apps\facebooklike\7.0.822\js\FBSharedServices.js --a---- 1354 bytes [09:02 10/05/2011] [09:02 10/05/2011] C34FD4A3B3C3E27F2834733FAC1E61C1
C:\Program Files (x86)\Microsoft\BingBar\apps\facebooklike\7.0.822\js\FBSharedServicesSettings.js --a---- 785 bytes [19:12 07/06/2011] [19:12 07/06/2011] 46F89E3BDF6FE34196076AC8853584E2
C:\Program Files (x86)\Microsoft\BingBar\scripts\objectmodel\servicesapi.js --a---- 4149 bytes [17:01 09/05/2011] [17:01 09/05/2011] C5432436F44A67B0F0300BB9331A9BD8
C:\Program Files (x86)\Microsoft Office\Templates\1033\Products And Services Overview.pot --a---- 73728 bytes [00:40 11/03/1999] [00:40 11/03/1999] 57E39B67DF8242C74A0F7C909150CA86
C:\Program Files (x86)\Microsoft WSE\v3.0\Microsoft.Web.Services3.dll --a---- 884736 bytes [21:28 01/11/2005] [21:28 01/11/2005] E42998E3BB92E6696A82EF796EFAC507
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll --a---- 294912 bytes [01:08 06/12/2008] [01:08 06/12/2008] 6725755F6952A08C45EC8AFBC3507042
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll --a---- 114688 bytes [03:49 30/07/2008] [03:49 30/07/2008] FB28081EC9E455C08D1F42A5265F8B4C
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll --a---- 442368 bytes [01:08 06/12/2008] [01:08 06/12/2008] 051E5E510E1A549431FBD74C6C45EEE2
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll --a---- 286720 bytes [03:40 30/07/2008] [03:40 30/07/2008] 4C6FBCBB7E7D4E3B0CAAA42043B6A01F
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll --a---- 507904 bytes [03:40 30/07/2008] [03:40 30/07/2008] E249D1B3114088C0D390A60643BF2BBC
C:\Program Files (x86)\VideoLAN\VLC\sdk\include\vlc\plugins\vlc_services_discovery.h --a---- 4218 bytes [12:21 14/07/2011] [12:21 14/07/2011] C26FD92EC19AC1E6F9ED9E5B78F68E8A
C:\Program Files (x86)\Windows Live\Writer\WindowsLive.Writer.CoreServices.dll --a---- 1034080 bytes [06:10 10/11/2010] [06:10 10/11/2010] DCE8E9229A8A3928D0A50FE5A4CFF280
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt --a---- 1665878 bytes [23:03 18/06/2009] [18:39 18/02/2009] 532ED87BB64CF19C58AE0F91FA439983
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt --a---- 1445430 bytes [23:03 18/06/2009] [18:39 18/02/2009] 51B31EB324CB5C6936D7A14D49B0BD67
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt --a---- 1810352 bytes [23:03 18/06/2009] [18:40 18/02/2009] 6D2BE04D9605C2D479E3CD205C406D7C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk --a---- 1688 bytes [15:30 02/11/2006] [03:20 21/01/2008] EFDD08F4E5E26430885F26F0C35B8C62
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk --a---- 1688 bytes [15:30 02/11/2006] [03:20 21/01/2008] EFDD08F4E5E26430885F26F0C35B8C62
C:\Users\Lauri\!Bit Torrent Files\Dummies E-Books\IBM Workplace Services Express for Dummies (ISBN - 0471791318).pdf --a---- 8422063 bytes [21:56 02/11/2011] [11:10 04/11/2011] 51005DF4F9EE894D5189085C9F89627C
C:\Users\Lauri\!Bit Torrent Files\Dummies E-Books\Microsoft SQL Server 2005 Reporting Services for Dummies (ISBN - 076458913X).pdf --a---- 6635856 bytes [03:48 04/11/2011] [14:27 04/11/2011] 6922681AA716F2D96BBBDB4E24916A73
C:\Users\Lauri\!Bit Torrent Files\Science Fiction & Fantasy eBook Master Collection-Index & Misc\Books A to Z\C\Cooper, Louise\Louise Cooper - Services Rendered.pdf --a---- 72438 bytes [22:48 13/02/2012] [07:57 08/10/2007] 5FBBD2D3B2FB587E4A6AAB0486E881EF
C:\Users\Lauri\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 6595 bytes [20:57 26/12/2010] [02:04 05/01/2011] 3148FD84DC8488FC64550F10F08619E8
C:\Users\Lauri\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5289 bytes [20:57 26/12/2010] [02:04 05/01/2011] 645FD5668ED4C90069F2084D37386749
C:\Users\Lauri\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6139 bytes [20:57 26/12/2010] [02:04 05/01/2011] F91B18B99F48375B2691AE99BA082BE7
C:\Users\Lauri\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5288 bytes [20:57 26/12/2010] [02:04 05/01/2011] B7A49067B8FD5AC047844F330B490011
C:\Users\Lauri\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_7_3.xml --a---- 10909 bytes [20:57 26/12/2010] [02:04 05/01/2011] 1B3B574AA349758343D3C80787B9739E
C:\Users\Lauri\AppData\Roaming\Apple Computer\Preferences\ByHost\com.apple.syncservices.{c328fec0-6a85-11db-9fbd-806e6f6e6963}.plist --a---- 73 bytes [22:35 10/11/2011] [22:35 10/11/2011] 6599632AF81A4A82C96F4195D968E927
C:\Users\Lauri\Contacts\LifeLock Member Services.contact --a---- 1505 bytes [02:41 20/11/2009] [02:41 20/11/2009] 5473B6FA5E4103677C22451F58A4F1C9
C:\Users\Lauri\Desktop\Webpages\The 12 Best Free Entertainment Services and Apps of 2012 PCWorld.URL --a---- 145 bytes [01:29 04/05/2012] [01:29 04/05/2012] 1EECD798919626E01A7C5A8E21D0E72A
C:\Users\Lauri\Desktop\Webpages\The Best Free Software, Mobile Apps, and Web Services, 2012 Edition PCWorld.URL --a---- 154 bytes [01:29 04/05/2012] [01:29 04/05/2012] B8AE3D3231C0DD263E5CAB096830181B
C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll --a---- 258048 bytes [23:03 18/06/2009] [04:42 30/03/2009] 70891F0ED183AC39BE4C5E43666A35C7
C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [23:03 18/06/2009] [02:04 11/04/2009] 296AACAE51A6995D2016C2C3E4774D81
C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll --a---- 245760 bytes [23:03 18/06/2009] [04:39 30/03/2009] AA4C3ECE83885A66F5DB8AAA198FA483
C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [23:03 18/06/2009] [04:39 30/03/2009] B04EACD1953BC542AF58FC9DA6B3056F
C:\Windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll --a---- 884736 bytes [04:43 03/04/2011] [04:43 03/04/2011] E42998E3BB92E6696A82EF796EFAC507
C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll --a---- 442368 bytes [03:00 05/06/2009] [03:00 05/06/2009] 051E5E510E1A549431FBD74C6C45EEE2
C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll --a---- 294912 bytes [03:00 05/06/2009] [03:00 05/06/2009] 6725755F6952A08C45EC8AFBC3507042
C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll --a---- 114688 bytes [02:59 05/06/2009] [02:59 05/06/2009] FB28081EC9E455C08D1F42A5265F8B4C
C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll --a---- 401408 bytes [23:03 18/06/2009] [04:42 30/03/2009] 85290FF9B6B3A161E95AFCCC22480347
C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll --a---- 286720 bytes [02:59 05/06/2009] [02:59 05/06/2009] 8AB397357E4CE2B49C11A5D43B091BD0
C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [23:03 18/06/2009] [04:42 30/03/2009] 891AA60D72C0D51286FD7792D53C2A12
C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll --a---- 839680 bytes [23:03 18/06/2009] [04:42 30/03/2009] D59A5B6EBFCE6DBF9EE5D8A72EB8219B
C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll --a---- 479232 bytes [02:59 05/06/2009] [02:59 05/06/2009] F1C6D0AB8F9CD827BB6AC06514307926
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\320987c596593cc063273f8267e4dcc7\System.Data.Services.Design.ni.dll --a---- 354816 bytes [22:29 10/05/2012] [22:29 10/05/2012] 07F281A0A8B1125DC0D24BAA6D691DA6
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bf32b9ca9f975a29297358d1ef962ffb\System.Data.Services.Client.ni.dll --a---- 939008 bytes [22:29 10/05/2012] [22:29 10/05/2012] 65FB1D6BF569F1E2ED159011588BD348
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\14b0ceb4417cda80abc7eb74b9025d13\System.Data.Services.ni.dll --a---- 1328128 bytes [22:29 10/05/2012] [22:29 10/05/2012] 4106B020DB36FF45B3124E5EEFA31400
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0b62909f7dc195c5f96c8875ab9b9f09\System.DirectoryServices.AccountManagement.ni.dll --a---- 881152 bytes [22:29 10/05/2012] [22:29 10/05/2012] BEC04642E584FDBE53B6141E7A55B0FA
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2352398c304c3cb6c0909099e39cfb19\System.DirectoryServices.ni.dll --a---- 1116672 bytes [22:27 10/05/2012] [22:27 10/05/2012] E25E18B591405EE32CC1FDF7C65CF94A
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\99e4eb6fb13794d1a0b10e4f2b14d106\System.DirectoryServices.Protocols.ni.dll --a---- 455680 bytes [22:27 10/05/2012] [22:27 10/05/2012] AE4D963237728EDC2F1F7518FFA9B73A
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll --a---- 627712 bytes [22:27 10/05/2012] [22:27 10/05/2012] E9FBD0E51A0BE65A623AFB1706C52499
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll --a---- 280064 bytes [22:27 10/05/2012] [22:27 10/05/2012] 55AB1D7990B071C755E09B8F6823D065
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll --a---- 1840640 bytes [22:27 10/05/2012] [22:27 10/05/2012] 2418FCFCF65115AA1E13B06610B89C38
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll --a---- 1840640 bytes [23:46 17/06/2012] [23:46 17/06/2012] C82A36B7C359E2DAAF52F5FFFBD5878C
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\5b8cc08ae3924eafbc964490cfa0e2eb\System.WorkflowServices.ni.dll --a---- 1316864 bytes [02:54 17/06/2012] [02:54 17/06/2012] F2603DA1F6C231DE18A5103E77B51E3E
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\b0c68df1300f0542e7284d2bbcd63258\System.WorkflowServices.ni.dll --a---- 1316864 bytes [23:47 17/06/2012] [23:47 17/06/2012] AF2146993B582A3390B03684FCCD5A7D
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\647abe5987e215f789b439896c6c89dc\WindowsLive.Writer.CoreServices.ni.dll --a---- 2193408 bytes [23:45 17/06/2012] [23:45 17/06/2012] 32D5B6552FC529E4DF100A334EA3381C
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aaa6f0ba0bbf67d0030f487481b59116\WindowsLive.Writer.CoreServices.ni.dll --a---- 2193408 bytes [02:53 17/06/2012] [02:53 17/06/2012] 5E6A16C64E2070F10DA93137B93EAB32
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\80dd4bf6bc9c40e111ddb4d189381311\System.Data.Services.Client.ni.dll --a---- 1277440 bytes [23:25 10/05/2012] [23:25 10/05/2012] B874A69E7861E3A5595FF658C3326747
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\88b00cf0504accdeb888330221130a3e\System.Data.Services.Design.ni.dll --a---- 489472 bytes [23:25 10/05/2012] [23:25 10/05/2012] B8A369D8A1EFC0161343D699D83545D7
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\80dbff08c65fb51326258a5f590d4046\System.Data.Services.ni.dll --a---- 1845248 bytes [23:25 10/05/2012] [23:25 10/05/2012] 232819D0E2614F7555FFF0A40549B1CD
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\1cf88b8ca94b1feaae1bcb9c962f29ea\System.DirectoryServices.ni.dll --a---- 1639936 bytes [22:33 10/05/2012] [22:33 10/05/2012] 32927C41FD3BA1955FC0B10DE2338211
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\2fa6581654b28ad74c9a7e4a2c238a84\System.DirectoryServices.AccountManagement.ni.dll --a---- 1219584 bytes [23:25 10/05/2012] [23:25 10/05/2012] CE2FFDA8840FDD32CDC9E4785D437431
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\74bee37eb83309e9a7f69168849b7720\System.DirectoryServices.Protocols.ni.dll --a---- 650240 bytes [22:33 10/05/2012] [22:33 10/05/2012] 35F37808509FC33FF015195B86DFB0CF
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\aabb7eec932c72fa1d16815aa13f9cf7\System.EnterpriseServices.ni.dll --a---- 1081344 bytes [22:33 10/05/2012] [22:33 10/05/2012] 574CAC8E4FA8CE264AE303EF0D84ABD7
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\aabb7eec932c72fa1d16815aa13f9cf7\System.EnterpriseServices.Wrapper.dll --a---- 446464 bytes [22:33 10/05/2012] [22:33 10/05/2012] 74DDC4F4D6774FB2BCF541BA1A75E13A
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\19c7bfd896bfd1b6e732d650da6e91b4\System.Web.Services.ni.dll --a---- 2291712 bytes [23:48 17/06/2012] [23:48 17/06/2012] 832E50BA63668E3B4F4EED6D4A719B83
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\ffe8c5b57dc4df47a9053cb434f5598f\System.Web.Services.ni.dll --a---- 2291712 bytes [22:33 10/05/2012] [22:33 10/05/2012] 2151262B17D5095B2E16754F7CE401A0
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5ef2b0292d6ef8f7a0b885a593aca44b\System.WorkflowServices.ni.dll --a---- 1754112 bytes [23:50 17/06/2012] [23:50 17/06/2012] 56EC18311483773C49841B3CC3CFAA35
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\e8d16e0da135ebf65b5be7b48556ce2e\System.WorkflowServices.ni.dll --a---- 1754112 bytes [02:57 17/06/2012] [02:57 17/06/2012] 5DD17FFEA8688C8952EAAED2BBA3E680
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\9242a5a839c4ae4f203c32b409dc7c42\System.Data.Services.Design.ni.dll --a---- 508928 bytes [22:32 10/05/2012] [22:32 10/05/2012] B1607B2502E589C6C0F2CCAB5413AB39
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b894a1df3e6d58ada8f1aa303465ca23\System.Data.Services.Client.ni.dll --a---- 1343488 bytes [22:32 10/05/2012] [22:32 10/05/2012] EDD1AEFD73DA9B3A6063E00FC4126657
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\9b0a11f0270b5bbeae593ca5c584afaa\System.Data.Services.ni.dll --a---- 2026496 bytes [22:32 10/05/2012] [22:32 10/05/2012] F207E3A5B059836C3527DCFC975F0101
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0fe1e56d17858b6156a3a46330f75f27\System.DirectoryServices.ni.dll --a---- 1172992 bytes [22:30 10/05/2012] [22:30 10/05/2012] FD670B45802FE92AE8BE8136C866A8EA
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94d45f7f28d81304d7fa83bcea849141\System.DirectoryServices.AccountManagement.ni.dll --a---- 913920 bytes [22:32 10/05/2012] [22:32 10/05/2012] 4212CE1F95E6A51CE29C5697ACF7DDAB
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e41e86da56bb60523251e0e08210a77b\System.DirectoryServices.Protocols.ni.dll --a---- 470528 bytes [22:30 10/05/2012] [22:30 10/05/2012] 5434FF62059CA920E0CC2212D8F5A320
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll --a---- 787456 bytes [22:30 10/05/2012] [22:30 10/05/2012] 2BFB83BA5B2CED8B5720C4692D7C047A
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll --a---- 236032 bytes [22:30 10/05/2012] [22:30 10/05/2012] 768230C78724CB23F8166D6F6A2106AD
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9b418f37f4594806e1f4b0ed6d083a95\System.Web.ApplicationServices.ni.dll --a---- 71680 bytes [22:30 10/05/2012] [22:30 10/05/2012] AD564C410BC10B4B08CCA978A68D115D
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\dbe597aa9c12df5d08fb2f3f9872b834\System.Web.Services.ni.dll --a---- 1925632 bytes [22:30 10/05/2012] [22:30 10/05/2012] BFCAED0C3CD2903D04322113001256E9
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6831f648f5b925f1194f691b0b491662\System.WorkflowServices.ni.dll --a---- 1226752 bytes [02:55 17/06/2012] [02:55 17/06/2012] 94FB639AE81EC5545D0D4BE217047A35
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\536e12016ad3adc78e0708b77e6b9219\System.Data.Services.Client.ni.dll --a---- 1799168 bytes [00:21 11/05/2012] [00:21 11/05/2012] EB1FE96580BB86B682A537EF20699343
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\a7528e9723fb3c77bba4ce617a9c9e03\System.Data.Services.Design.ni.dll --a---- 662528 bytes [00:21 11/05/2012] [00:21 11/05/2012] 07681E577A5AFB07A473B931D385CCEB
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\ef77bd7c278e00372440bc2a2d6bfef0\System.Data.Services.ni.dll --a---- 2703360 bytes [00:21 11/05/2012] [00:21 11/05/2012] 0CD28DD11C6C3DB04F5EA78D4648D1AF
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\3a737af86a6a819af97a6d1a04c0e944\System.DirectoryServices.ni.dll --a---- 1622528 bytes [00:18 11/05/2012] [00:18 11/05/2012] 185896E7D5E039AD2CA531C8ACB784CA
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6a8bd7d373c988a585e90bb61c5ec8cc\System.DirectoryServices.Protocols.ni.dll --a---- 632832 bytes [00:19 11/05/2012] [00:19 11/05/2012] 4D52E3395BC4767C1EABE74C397EFD59
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\a68116468a194678fd04167067134712\System.DirectoryServices.AccountManagement.ni.dll --a---- 1217024 bytes [00:21 11/05/2012] [00:21 11/05/2012] 9B46A5C6B35D75EEBACC0902ED5ABE59
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.ni.dll --a---- 1098752 bytes [00:18 11/05/2012] [00:18 11/05/2012] 3B9242D743C5C63DC04ED9D284E68FB4
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.Wrapper.dll --a---- 348672 bytes [00:18 11/05/2012] [00:18 11/05/2012] C9ECB00F92E4F09142C78983F098BCD8
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll --a---- 86016 bytes [00:18 11/05/2012] [00:18 11/05/2012] 33B2FB6ED36F362709D89DA0B71B1997
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\d27c82130281d30a958f94d9f7027e34\System.Web.Services.ni.dll --a---- 2287104 bytes [00:19 11/05/2012] [00:19 11/05/2012] 16076E521F121F6C69BF0298CCC2CDEE
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\e92e21c0bb943f4c4c0e6ba57f2e8b11\System.WorkflowServices.ni.dll --a---- 1602560 bytes [00:22 11/05/2012] [00:22 11/05/2012] AF7BC5C32B127B9FE74656DE47A27540
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\fb9bda76fdb95462be5964d24b3a3694\System.WorkflowServices.ni.dll --a---- 1602560 bytes [03:01 17/06/2012] [03:01 17/06/2012] 48E36287592F86755BB5FB258E7E5E97
C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE\15.4.3502\CoreServicesDll -ra---- 1034080 bytes [04:17 23/09/2010] [04:17 23/09/2010] DABF87298D33E61ECA88804F3E2B6064
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_amd64 -ra---- 442368 bytes [03:49 30/07/2008] [03:49 30/07/2008] E46278B86E04CB3698A00C0AF533DF82
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_Client_amd64 -ra---- 294912 bytes [03:49 30/07/2008] [03:49 30/07/2008] 9FFF4539248C99FACA75B0C37CFD3A32
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_Client_gac_amd64 -ra---- 294912 bytes [02:59 05/06/2009] [02:59 05/06/2009] 9FFF4539248C99FACA75B0C37CFD3A32
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_Client_gac_x86 -ra---- 294912 bytes [02:59 05/06/2009] [02:59 05/06/2009] 9FFF4539248C99FACA75B0C37CFD3A32
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_Client_x86 -ra---- 294912 bytes [03:49 30/07/2008] [03:49 30/07/2008] 9FFF4539248C99FACA75B0C37CFD3A32
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_gac_amd64 -ra---- 442368 bytes [02:59 05/06/2009] [02:59 05/06/2009] E46278B86E04CB3698A00C0AF533DF82
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_gac_x86 -ra---- 442368 bytes [02:59 05/06/2009] [02:59 05/06/2009] E46278B86E04CB3698A00C0AF533DF82
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_x86 -ra---- 442368 bytes [03:49 30/07/2008] [03:49 30/07/2008] E46278B86E04CB3698A00C0AF533DF82
C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll --a---- 246128 bytes [02:25 17/06/2012] [02:25 17/06/2012] F8C1508FAF0DD3CC9A61A02BF0CEC2B6
C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll --a---- 109568 bytes [02:25 17/06/2012] [02:25 17/06/2012] C755E17BAC396F9A9F468320B3F6CF46
C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll --a---- 237424 bytes [02:25 17/06/2012] [02:25 17/06/2012] 4B091BA37D2D8E336822CA223EA4F48C
C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll --a---- 125440 bytes [02:25 17/06/2012] [02:25 17/06/2012] 9A1563235169C94DFF5A541774CCCD6B
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll --a---- 683368 bytes [23:02 16/02/2012] [23:02 16/02/2012] 65BBC872E434FF876AB82046CB108C35
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll --a---- 436600 bytes [02:25 17/06/2012] [02:25 17/06/2012] F7FDD963EC0DB59437CA637475110D33
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll --a---- 178040 bytes [23:02 16/02/2012] [23:02 16/02/2012] 59E3A44249D12758566B9A58C28FAEC0
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll --a---- 395120 bytes [02:25 17/06/2012] [02:25 17/06/2012] 5CD0E30C15DDFC47199F864F7334B86F
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll --a---- 285072 bytes [02:25 17/06/2012] [02:25 17/06/2012] F3079930C82DB5B200943FBCAF9D8CD5
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll --a---- 182144 bytes [02:25 17/06/2012] [02:25 17/06/2012] 535C6EEB62E46D1BB5A47887E58F16EA
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll --a---- 44920 bytes [02:25 17/06/2012] [02:25 17/06/2012] 7EE951D6B7E6016D23C8024BD5708BF1
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll --a---- 857960 bytes [02:25 17/06/2012] [02:25 17/06/2012] 5015A44944DC0807AEF926EA2D3211CB
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll --a---- 431984 bytes [23:02 16/02/2012] [23:02 16/02/2012] 6F317F21781E7D5914D9A1E8F52B4F84
C:\Windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll --a---- 14376 bytes [02:48 21/01/2008] [02:48 21/01/2008] 5142D33972DE83C71A69AD46BAFFB603
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll --a---- 401408 bytes [23:03 18/06/2009] [04:42 30/03/2009] 85290FF9B6B3A161E95AFCCC22480347
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [23:03 18/06/2009] [04:42 30/03/2009] 891AA60D72C0D51286FD7792D53C2A12
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll --a---- 258048 bytes [23:03 18/06/2009] [04:42 30/03/2009] 70891F0ED183AC39BE4C5E43666A35C7
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll --a---- 57392 bytes [02:51 05/06/2009] [18:03 27/07/2008] 326C587B60592D84F32B10F73DCE58B4
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.tlb --a---- 40960 bytes [02:51 05/06/2009] [18:03 27/07/2008] C178E0ABE4E8FDFF0F9B9D30A192C9C8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [23:03 18/06/2009] [02:04 11/04/2009] 296AACAE51A6995D2016C2C3E4774D81
C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll --a---- 839680 bytes [23:03 18/06/2009] [04:42 30/03/2009] D59A5B6EBFCE6DBF9EE5D8A72EB8219B
C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe --a---- 196104 bytes [03:40 30/07/2008] [03:40 30/07/2008] 0308D7F0CC20E4A4830F55DF748DD786
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll --a---- 436600 bytes [17:16 18/03/2010] [17:16 18/03/2010] F7FDD963EC0DB59437CA637475110D33
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll --a---- 178040 bytes [20:47 18/03/2010] [20:47 18/03/2010] 59E3A44249D12758566B9A58C28FAEC0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll --a---- 683368 bytes [20:47 18/03/2010] [20:47 18/03/2010] 65BBC872E434FF876AB82046CB108C35
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll --a---- 285072 bytes [17:16 18/03/2010] [17:16 18/03/2010] F3079930C82DB5B200943FBCAF9D8CD5
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll --a---- 395120 bytes [17:16 18/03/2010] [17:16 18/03/2010] 5CD0E30C15DDFC47199F864F7334B86F
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll --a---- 182144 bytes [17:16 18/03/2010] [17:16 18/03/2010] 535C6EEB62E46D1BB5A47887E58F16EA
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll --a---- 246128 bytes [17:16 18/03/2010] [17:16 18/03/2010] F8C1508FAF0DD3CC9A61A02BF0CEC2B6
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll --a---- 45952 bytes [17:16 18/03/2010] [17:16 18/03/2010] 78D1677F6400916639FC59AF6208253E
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.tlb --a---- 33280 bytes [05:08 18/03/2010] [05:08 18/03/2010] C57A8DD291A39BB74A993A783EB95EC1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll --a---- 109568 bytes [04:51 18/03/2010] [04:51 18/03/2010] C755E17BAC396F9A9F468320B3F6CF46
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll --a---- 44920 bytes [17:16 18/03/2010] [17:16 18/03/2010] 7EE951D6B7E6016D23C8024BD5708BF1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll --a---- 857960 bytes [17:16 18/03/2010] [17:16 18/03/2010] 5015A44944DC0807AEF926EA2D3211CB
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll --a---- 431984 bytes [20:47 18/03/2010] [20:47 18/03/2010] 6F317F21781E7D5914D9A1E8F52B4F84
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.DirectoryServices.dll --a---- 401408 bytes [23:03 18/06/2009] [04:39 30/03/2009] 85290FF9B6B3A161E95AFCCC22480347
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [23:03 18/06/2009] [04:39 30/03/2009] 891AA60D72C0D51286FD7792D53C2A12
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.EnterpriseServices.dll --a---- 245760 bytes [23:03 18/06/2009] [04:39 30/03/2009] AA4C3ECE83885A66F5DB8AAA198FA483
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.EnterpriseServices.Thunk.dll --a---- 63536 bytes [02:51 05/06/2009] [18:01 27/07/2008] B353161E2987F8D2A0B8C2589262AAE1
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.EnterpriseServices.tlb --a---- 33280 bytes [02:51 05/06/2009] [18:01 27/07/2008] B0CA4F11E08FF871C386A1B12B49DE68
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [23:03 18/06/2009] [04:39 30/03/2009] B04EACD1953BC542AF58FC9DA6B3056F
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.Services.dll --a---- 839680 bytes [23:03 18/06/2009] [04:39 30/03/2009] D59A5B6EBFCE6DBF9EE5D8A72EB8219B
C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe --a---- 283144 bytes [03:49 30/07/2008] [03:49 30/07/2008] E0D5C021C57F2DA6550B5D08CDE7AA8B
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Client.dll --a---- 436600 bytes [17:16 18/03/2010] [17:16 18/03/2010] F7FDD963EC0DB59437CA637475110D33
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll --a---- 178040 bytes [20:47 18/03/2010] [20:47 18/03/2010] 59E3A44249D12758566B9A58C28FAEC0
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll --a---- 683368 bytes [20:47 18/03/2010] [20:47 18/03/2010] 65BBC872E434FF876AB82046CB108C35
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.AccountManagement.dll --a---- 285072 bytes [17:16 18/03/2010] [17:16 18/03/2010] F3079930C82DB5B200943FBCAF9D8CD5
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll --a---- 395120 bytes [17:16 18/03/2010] [17:16 18/03/2010] 5CD0E30C15DDFC47199F864F7334B86F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll --a---- 182144 bytes [17:16 18/03/2010] [17:16 18/03/2010] 535C6EEB62E46D1BB5A47887E58F16EA
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.dll --a---- 237424 bytes [18:27 18/03/2010] [18:27 18/03/2010] 4B091BA37D2D8E336822CA223EA4F48C
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Thunk.dll --a---- 52608 bytes [18:27 18/03/2010] [18:27 18/03/2010] B320B9C60DC9DCB77D13EAB140777337
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.tlb --a---- 33280 bytes [09:57 18/03/2010] [09:57 18/03/2010] 50B34D6ACBCB815C6E1397127CC1A650
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Wrapper.dll --a---- 125440 bytes [09:46 18/03/2010] [09:46 18/03/2010] 9A1563235169C94DFF5A541774CCCD6B
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll --a---- 44920 bytes [17:16 18/03/2010] [17:16 18/03/2010] 7EE951D6B7E6016D23C8024BD5708BF1
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Services.dll --a---- 857960 bytes [17:16 18/03/2010] [17:16 18/03/2010] 5015A44944DC0807AEF926EA2D3211CB
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.WorkflowServices.dll --a---- 431984 bytes [20:47 18/03/2010] [20:47 18/03/2010] 6F317F21781E7D5914D9A1E8F52B4F84
C:\Windows\servicing\Packages\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.cat --a---- 8413 bytes [15:11 02/11/2006] [13:33 02/11/2006] 3B80EE31511D1F0052404D03F1297D6F
C:\Windows\servicing\Packages\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.mum --a---- 2052 bytes [15:11 02/11/2006] [11:32 02/11/2006] 9E54C2822EA10ED1F699E0CC566C11E4
C:\Windows\servicing\Packages\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~~6.0.6000.16386.cat --a---- 10161 bytes [15:00 02/11/2006] [12:33 02/11/2006] D8044F9F31844CAF8AA59AFA57838CC7
C:\Windows\servicing\Packages\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~~6.0.6000.16386.mum --a---- 1514 bytes [15:00 02/11/2006] [06:53 02/11/2006] 2B040409419EB0F6F40F2E8AE8DC588E
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package-MiniLP~31bf3856ad364e35~amd64~en-US~6.0.6001.18302.cat --a---- 7576 bytes [20:32 22/10/2010] [09:54 04/08/2009] 3C1435290EA0FCD196261E7FBDA7358D
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package-MiniLP~31bf3856ad364e35~amd64~en-US~6.0.6001.18302.mum --a---- 1609 bytes [20:32 22/10/2010] [09:53 04/08/2009] E5C0220DAF1DA6DCC298B0EC13579D85
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package-TopLevel~31bf3856ad364e35~amd64~~6.0.6001.18302.cat --a---- 7576 bytes [20:32 22/10/2010] [09:54 04/08/2009] 89B39616FD80FAB5F4F81C82277535DE
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package-TopLevel~31bf3856ad364e35~amd64~~6.0.6001.18302.mum --a---- 34469 bytes [20:32 22/10/2010] [09:53 04/08/2009] A871AD46F9F063AED5E8E38B3F9242C5
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package~31bf3856ad364e35~amd64~en-US~6.0.6001.18302.cat --a---- 9057 bytes [20:32 22/10/2010] [09:54 04/08/2009] 04B9E3FEB62C792304ACB2F1B582059C
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package~31bf3856ad364e35~amd64~en-US~6.0.6001.18302.mum --a---- 1432 bytes [20:32 22/10/2010] [09:52 04/08/2009] 30830E8F7091519B958CB27908652E7B
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package~31bf3856ad364e35~amd64~~6.0.6001.18302.cat --a---- 20771 bytes [20:32 22/10/2010] [09:54 04/08/2009] 0A2935FF18A3C6CFA2EE4A29BC03D145
C:\Windows\servicing\Packages\Microsoft-Windows-Webservices-Package~31bf3856ad364e35~amd64~~6.0.6001.18302.mum --a---- 1811 bytes [20:32 22/10/2010] [09:51 04/08/2009] E2FEECD41F640247F88AF04D3D2AA7BC
C:\Windows\System32\AuxiliaryDisplayServices.dll --a---- 126464 bytes [23:04 18/06/2009] [07:11 11/04/2009] FCBF244FE64C227839EC365333CBE79B
C:\Windows\System32\OpcServices.dll --a---- 1461760 bytes [01:43 10/02/2011] [14:58 20/01/2011] 42741946EF09C7419A27AC5D8140579D
C:\Windows\System32\services.exe --a---- 381952 bytes [23:04 18/06/2009] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\System32\services.msc --a---- 92745 bytes [07:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\System32\webservices.dll --a---- 1103872 bytes [20:32 22/10/2010] [08:12 04/08/2009] 2EEAFB668358C3F42E192F95383D86C6
C:\Windows\System32\xpsservices.dll --a---- 3068416 bytes [01:43 10/02/2011] [15:01 20/01/2011] 6326EFDA3174EAAB7CA4777FE70D780F
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~en-US~6.0.6000.16386.cat --a---- 8413 bytes [15:11 02/11/2006] [13:33 02/11/2006] 3B80EE31511D1F0052404D03F1297D6F
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~~6.0.6000.16386.cat --a---- 10161 bytes [15:00 02/11/2006] [12:33 02/11/2006] D8044F9F31844CAF8AA59AFA57838CC7
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Webservices-Package-MiniLP~31bf3856ad364e35~amd64~en-US~6.0.6001.18302.cat ----s-- 7576 bytes [20:32 22/10/2010] [09:54 04/08/2009] 3C1435290EA0FCD196261E7FBDA7358D
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Webservices-Package-TopLevel~31bf3856ad364e35~amd64~~6.0.6001.18302.cat ----s-- 7576 bytes [20:32 22/10/2010] [09:54 04/08/2009] 89B39616FD80FAB5F4F81C82277535DE
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Webservices-Package~31bf3856ad364e35~amd64~en-US~6.0.6001.18302.cat ----s-- 9057 bytes [20:32 22/10/2010] [09:54 04/08/2009] 04B9E3FEB62C792304ACB2F1B582059C
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Webservices-Package~31bf3856ad364e35~amd64~~6.0.6001.18302.cat ----s-- 20771 bytes [20:32 22/10/2010] [09:54 04/08/2009] 0A2935FF18A3C6CFA2EE4A29BC03D145
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\services.exe.672.dmp --a---- 1147235 bytes [21:03 18/06/2012] [21:03 18/06/2012] EC00A92BFD2E8D640B33B21364B9238C
C:\Windows\System32\drivers\etc\services --a---- 17244 bytes [12:34 02/11/2006] [21:37 18/09/2006] 9F534244B7F8F55D5C0BB498D8D481E7
C:\Windows\System32\en-US\AuxiliaryDisplayServices.dll.mui --a---- 4096 bytes [15:14 02/11/2006] [15:14 02/11/2006] 7A4C561BF42E644A34C10660FD00234D
C:\Windows\System32\en-US\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695
C:\Windows\System32\en-US\services.msc --a---- 92745 bytes [15:13 02/11/2006] [15:13 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\System32\en-US\webservices.dll.mui --a---- 194560 bytes [20:32 22/10/2010] [09:52 04/08/2009] 96F3B3CF30D9737A122ED91CF9F36C96
C:\Windows\System32\licensing\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms --a---- 4021 bytes [02:51 21/01/2008] [02:51 21/01/2008] EA7D65DF4D562F91CD3C0B9342C6E4E6
C:\Windows\System32\licensing\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms --a---- 3084 bytes [02:50 21/01/2008] [02:50 21/01/2008] EF69DF85AB10D5E0A2580C77C4159CED
C:\Windows\System32\migwiz\dlmanifests\DirectoryServices-ADAM-DL.man --a---- 2309 bytes [15:02 02/11/2006] [15:02 02/11/2006] D7937CD02F11126F42BCA7559738E27B
C:\Windows\System32\migwiz\dlmanifests\DirectoryServices-Domain-DL.man --a---- 2044 bytes [15:01 02/11/2006] [15:01 02/11/2006] EC9AB7D446510EBB8296A4FB2B167E6A
C:\Windows\System32\migwiz\dlmanifests\DirectoryServices-ISM-Smtp-DL.man --a---- 1851 bytes [02:47 21/01/2008] [02:47 21/01/2008] 4DA47743EAA0E1C5A2975F15080162BA
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-CertificateServices-CA-DL.man --a---- 1613 bytes [15:02 02/11/2006] [15:02 02/11/2006] 32A009024C4AAB1A38D503A6985B5F7D
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-CertificateServices-CAManagement-DL.man --a---- 1235 bytes [02:47 21/01/2008] [02:47 21/01/2008] C5C02C4A84ACC3BFD845EE4EBBD6AB8A
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-CertificateServices-MSCEP-DL.man --a---- 1485 bytes [02:47 21/01/2008] [02:47 21/01/2008] D31D59095D5E189140A78D39753AECDD
C:\Windows\System32\migwiz\dlmanifests\TerminalServices-Drivers-DL.man --a---- 1134 bytes [15:02 02/11/2006] [15:02 02/11/2006] 58BE377062DF00A2D6E2C678AEC872DC
C:\Windows\System32\migwiz\dlmanifests\terminalservices-licenseserver-DL.man --a---- 1800 bytes [02:47 21/01/2008] [02:47 21/01/2008] B65BBC279F1F1BF8990685CB9E35D0AF
C:\Windows\System32\migwiz\dlmanifests\TerminalServices-LocalSessionManager-DL.man --a---- 1353 bytes [15:01 02/11/2006] [15:01 02/11/2006] 6912AECCC58707895F5D37016691FAC8
C:\Windows\System32\migwiz\dlmanifests\TerminalServices-RDP-WinStationExtensions-DL.man --a---- 22336 bytes [02:47 21/01/2008] [02:47 21/01/2008] 41D5557C2D119C93CFEE9BEE27A97E1A
C:\Windows\System32\migwiz\dlmanifests\TerminalServices-RemoteConnectionManager-DL.man --a---- 1329 bytes [02:47 21/01/2008] [02:47 21/01/2008] 87BDFDD25EDC302A438D3BEC35EFF509
C:\Windows\System32\migwiz\dlmanifests\TerminalServices-SessionDirectory-Client-DL.man --a---- 2215 bytes [02:47 21/01/2008] [02:47 21/01/2008] B413D47A7BD85710D2C521ED604EA881
C:\Windows\System32\migwiz\dlmanifests\TerminalServices-TerminalServicesClient-DL.man --a---- 1784 bytes [15:01 02/11/2006] [15:01 02/11/2006] A81BB134CF54A52C20F67AEBFD351D5B
C:\Windows\System32\migwiz\dlmanifests\TextServicesFramework-Migration-DL.man --a---- 2154 bytes [15:01 02/11/2006] [15:01 02/11/2006] A39976AE141A764DA2C061E1B9D6B7AB
C:\Windows\System32\migwiz\dlmanifests\UDDIServices-SDP-DL.man --a---- 1518 bytes [15:02 02/11/2006] [15:02 02/11/2006] 5030420A481EFE7DBB731E331F85DC59
C:\Windows\System32\migwiz\dlmanifests\UDDIServicesDatabase-SDP-DL.man --a---- 1306 bytes [15:02 02/11/2006] [15:02 02/11/2006] 53C8921A817AB7935BC839AC366083B8
C:\Windows\System32\migwiz\dlmanifests\UDDIServicesWeb-SDP-DL.man --a---- 1315 bytes [15:01 02/11/2006] [15:01 02/11/2006] 96B3676F32D512035B283B5371E49CEC
C:\Windows\System32\migwiz\dlmanifests\Web-Services-for-Management-Core-DL.man --a---- 1914 bytes [02:47 21/01/2008] [02:47 21/01/2008] 2A110F0D2AE009C4F5CC41CB754B3A93
C:\Windows\System32\wbem\auxiliarydisplayservices.mof --a---- 3039 bytes [15:04 02/11/2006] [15:04 02/11/2006] 55CDB0BF117EC597F3B1065CDADE98DB
C:\Windows\System32\wbem\services.mof --a---- 2866 bytes [09:10 02/11/2006] [21:44 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx --a---- 69632 bytes [05:48 19/06/2012] [05:55 19/06/2012] 51D712E020D896B6566F5BA9A74E522B
C:\Windows\SysWOW64\OpcServices.dll --a---- 847360 bytes [01:43 10/02/2011] [14:25 20/01/2011] A15ED03919107C2A6A3395EE02C7DD47
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [23:03 18/06/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\SysWOW64\services.msc --a---- 92745 bytes [12:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\SysWOW64\webservices.dll --a---- 754688 bytes [20:32 22/10/2010] [08:02 04/08/2009] E4783742790B2084EFCBF6AE8968A73D
C:\Windows\SysWOW64\xpsservices.dll --a---- 1554432 bytes [01:43 10/02/2011] [14:28 20/01/2011] E607F9C6A2386647B572580CB147C7B3
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TURSHF6D\media.mtvnservices.com\com.mtvnservices.media.as3player.model.user.SavedPreferencesVO.sol --a---- 184 bytes [23:37 17/06/2012] [23:37 17/06/2012] D97594DC2F783873CE81AAAA3F989EED
C:\Windows\SysWOW64\en-US\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C
C:\Windows\SysWOW64\en-US\services.msc --a---- 92745 bytes [15:14 02/11/2006] [15:14 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\SysWOW64\en-US\webservices.dll.mui --a---- 204800 bytes [20:32 22/10/2010] [09:25 04/08/2009] 96DE24090E0C41639B50C3F14386CC12
C:\Windows\SysWOW64\licensing\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms --a---- 4021 bytes [02:51 21/01/2008] [02:51 21/01/2008] D40C66C818895F073A3E617F3A466C00
C:\Windows\SysWOW64\licensing\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms --a---- 3084 bytes [02:51 21/01/2008] [02:51 21/01/2008] 72830612581636025945E1C460B1386B
C:\Windows\SysWOW64\migwiz\dlmanifests\DirectoryServices-ADAM-DL.man --a---- 2309 bytes [15:02 02/11/2006] [15:02 02/11/2006] D7937CD02F11126F42BCA7559738E27B
C:\Windows\SysWOW64\migwiz\dlmanifests\DirectoryServices-Domain-DL.man --a---- 2044 bytes [15:02 02/11/2006] [15:02 02/11/2006] EC9AB7D446510EBB8296A4FB2B167E6A
C:\Windows\SysWOW64\migwiz\dlmanifests\DirectoryServices-ISM-Smtp-DL.man --a---- 1851 bytes [02:47 21/01/2008] [02:47 21/01/2008] 4DA47743EAA0E1C5A2975F15080162BA
C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-CertificateServices-CA-DL.man --a---- 1613 bytes [15:02 02/11/2006] [15:02 02/11/2006] 32A009024C4AAB1A38D503A6985B5F7D
C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-CertificateServices-CAManagement-DL.man --a---- 1235 bytes [02:47 21/01/2008] [02:47 21/01/2008] C5C02C4A84ACC3BFD845EE4EBBD6AB8A
C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-CertificateServices-MSCEP-DL.man --a---- 1485 bytes [02:47 21/01/2008] [02:47 21/01/2008] D31D59095D5E189140A78D39753AECDD
C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-Drivers-DL.man --a---- 1134 bytes [15:02 02/11/2006] [15:02 02/11/2006] 58BE377062DF00A2D6E2C678AEC872DC
C:\Windows\SysWOW64\migwiz\dlmanifests\terminalservices-licenseserver-DL.man --a---- 1800 bytes [02:47 21/01/2008] [02:47 21/01/2008] B65BBC279F1F1BF8990685CB9E35D0AF
C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-LocalSessionManager-DL.man --a---- 1353 bytes [15:02 02/11/2006] [15:02 02/11/2006] 6912AECCC58707895F5D37016691FAC8
C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-RDP-WinStationExtensions-DL.man --a---- 22336 bytes [02:47 21/01/2008] [02:47 21/01/2008] 41D5557C2D119C93CFEE9BEE27A97E1A
C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-RemoteConnectionManager-DL.man --a---- 1329 bytes [02:47 21/01/2008] [02:47 21/01/2008] 87BDFDD25EDC302A438D3BEC35EFF509
C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-SessionDirectory-Client-DL.man --a---- 2215 bytes [02:47 21/01/2008] [02:47 21/01/2008] B413D47A7BD85710D2C521ED604EA881
C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-TerminalServicesClient-DL.man --a---- 1784 bytes [15:02 02/11/2006] [15:02 02/11/2006] A81BB134CF54A52C20F67AEBFD351D5B
C:\Windows\SysWOW64\migwiz\dlmanifests\TextServicesFramework-Migration-DL.man --a---- 2154 bytes [15:02 02/11/2006] [15:02 02/11/2006] A39976AE141A764DA2C061E1B9D6B7AB
C:\Windows\SysWOW64\migwiz\dlmanifests\UDDIServices-SDP-DL.man --a---- 1518 bytes [15:02 02/11/2006] [15:02 02/11/2006] 5030420A481EFE7DBB731E331F85DC59
C:\Windows\SysWOW64\migwiz\dlmanifests\UDDIServicesDatabase-SDP-DL.man --a---- 1306 bytes [15:02 02/11/2006] [15:02 02/11/2006] 53C8921A817AB7935BC839AC366083B8
C:\Windows\SysWOW64\migwiz\dlmanifests\UDDIServicesWeb-SDP-DL.man --a---- 1315 bytes [15:02 02/11/2006] [15:02 02/11/2006] 96B3676F32D512035B283B5371E49CEC
C:\Windows\SysWOW64\migwiz\dlmanifests\Web-Services-for-Management-Core-DL.man --a---- 1914 bytes [02:47 21/01/2008] [02:47 21/01/2008] 2A110F0D2AE009C4F5CC41CB754B3A93
C:\Windows\SysWOW64\wbem\services.mof --a---- 2866 bytes [12:21 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\amd64_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.18107_none_fe950dc9258559ec\xpsservices.dll --a---- 3068416 bytes [07:16 31/10/2009] [02:00 25/09/2009] D45B6125A25B9972E67F9BFAE3B2A1AA
C:\Windows\winsxs\amd64_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.18392_none_fe2ec0d725d2d100\xpsservices.dll --a---- 3068416 bytes [01:43 10/02/2011] [15:01 20/01/2011] 6326EFDA3174EAAB7CA4777FE70D780F
C:\Windows\winsxs\amd64_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.22573_none_feceffaa3edf4f66\xpsservices.dll --a---- 3068416 bytes [01:43 10/02/2011] [15:08 20/01/2011] 9910EC194C27A7EDCF71C409527EB290
C:\Windows\winsxs\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.18107_none_f2b39522f2f517ce\OpcServices.dll --a---- 1461760 bytes [07:16 31/10/2009] [01:40 25/09/2009] 7BD7B962BF7EBBF846444E0A10D15FA2
C:\Windows\winsxs\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.18392_none_f24d4830f3428ee2\OpcServices.dll --a---- 1461760 bytes [01:43 10/02/2011] [14:58 20/01/2011] 42741946EF09C7419A27AC5D8140579D
C:\Windows\winsxs\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.22573_none_f2ed87040c4f0d48\OpcServices.dll --a---- 1461760 bytes [01:43 10/02/2011] [15:05 20/01/2011] B8E144B79FD79097639EA03E8DD0C90F
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\DirectoryServices-ADAM-DL.man --a---- 2309 bytes [15:02 02/11/2006] [15:02 02/11/2006] D7937CD02F11126F42BCA7559738E27B
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\DirectoryServices-Domain-DL.man --a---- 2044 bytes [15:01 02/11/2006] [15:01 02/11/2006] EC9AB7D446510EBB8296A4FB2B167E6A
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\DirectoryServices-ISM-Smtp-DL.man --a---- 1851 bytes [02:47 21/01/2008] [02:47 21/01/2008] 4DA47743EAA0E1C5A2975F15080162BA
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\Microsoft-Windows-CertificateServices-CA-DL.man --a---- 1613 bytes [15:02 02/11/2006] [15:02 02/11/2006] 32A009024C4AAB1A38D503A6985B5F7D
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\Microsoft-Windows-CertificateServices-CAManagement-DL.man --a---- 1235 bytes [02:47 21/01/2008] [02:47 21/01/2008] C5C02C4A84ACC3BFD845EE4EBBD6AB8A
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\Microsoft-Windows-CertificateServices-MSCEP-DL.man --a---- 1485 bytes [02:47 21/01/2008] [02:47 21/01/2008] D31D59095D5E189140A78D39753AECDD
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TerminalServices-Drivers-DL.man --a---- 1134 bytes [15:02 02/11/2006] [15:02 02/11/2006] 58BE377062DF00A2D6E2C678AEC872DC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\terminalservices-licenseserver-DL.man --a---- 1800 bytes [02:47 21/01/2008] [02:47 21/01/2008] B65BBC279F1F1BF8990685CB9E35D0AF
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TerminalServices-LocalSessionManager-DL.man --a---- 1353 bytes [15:01 02/11/2006] [15:01 02/11/2006] 6912AECCC58707895F5D37016691FAC8
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TerminalServices-RDP-WinStationExtensions-DL.man --a---- 22336 bytes [02:47 21/01/2008] [02:47 21/01/2008] 41D5557C2D119C93CFEE9BEE27A97E1A
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TerminalServices-RemoteConnectionManager-DL.man --a---- 1329 bytes [02:47 21/01/2008] [02:47 21/01/2008] 87BDFDD25EDC302A438D3BEC35EFF509
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TerminalServices-SessionDirectory-Client-DL.man --a---- 2215 bytes [02:47 21/01/2008] [02:47 21/01/2008] B413D47A7BD85710D2C521ED604EA881
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TerminalServices-TerminalServicesClient-DL.man --a---- 1784 bytes [15:01 02/11/2006] [15:01 02/11/2006] A81BB134CF54A52C20F67AEBFD351D5B
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\TextServicesFramework-Migration-DL.man --a---- 2154 bytes [15:01 02/11/2006] [15:01 02/11/2006] A39976AE141A764DA2C061E1B9D6B7AB
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\UDDIServices-SDP-DL.man --a---- 1518 bytes [15:02 02/11/2006] [15:02 02/11/2006] 5030420A481EFE7DBB731E331F85DC59
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\UDDIServicesDatabase-SDP-DL.man --a---- 1306 bytes [15:02 02/11/2006] [15:02 02/11/2006] 53C8921A817AB7935BC839AC366083B8
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\UDDIServicesWeb-SDP-DL.man --a---- 1315 bytes [15:01 02/11/2006] [15:01 02/11/2006] 96B3676F32D512035B283B5371E49CEC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\Web-Services-for-Management-Core-DL.man --a---- 1914 bytes [02:47 21/01/2008] [02:47 21/01/2008] 2A110F0D2AE009C4F5CC41CB754B3A93
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\DirectoryServices-ADAM-DL.man --a---- 2309 bytes [15:02 02/11/2006] [15:02 02/11/2006] D7937CD02F11126F42BCA7559738E27B
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\DirectoryServices-Domain-DL.man --a---- 2044 bytes [15:01 02/11/2006] [15:01 02/11/2006] EC9AB7D446510EBB8296A4FB2B167E6A
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\DirectoryServices-ISM-Smtp-DL.man --a---- 1851 bytes [02:47 21/01/2008] [02:47 21/01/2008] 4DA47743EAA0E1C5A2975F15080162BA
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\Microsoft-Windows-CertificateServices-CA-DL.man --a---- 1613 bytes [15:02 02/11/2006] [15:02 02/11/2006] 32A009024C4AAB1A38D503A6985B5F7D
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\Microsoft-Windows-CertificateServices-CAManagement-DL.man --a---- 1235 bytes [02:47 21/01/2008] [02:47 21/01/2008] C5C02C4A84ACC3BFD845EE4EBBD6AB8A
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\Microsoft-Windows-CertificateServices-MSCEP-DL.man --a---- 1485 bytes [02:47 21/01/2008] [02:47 21/01/2008] D31D59095D5E189140A78D39753AECDD
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TerminalServices-Drivers-DL.man --a---- 1134 bytes [15:02 02/11/2006] [15:02 02/11/2006] 58BE377062DF00A2D6E2C678AEC872DC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\terminalservices-licenseserver-DL.man --a---- 1800 bytes [02:47 21/01/2008] [02:47 21/01/2008] B65BBC279F1F1BF8990685CB9E35D0AF
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TerminalServices-LocalSessionManager-DL.man --a---- 1353 bytes [15:01 02/11/2006] [15:01 02/11/2006] 6912AECCC58707895F5D37016691FAC8
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TerminalServices-RDP-WinStationExtensions-DL.man --a---- 22336 bytes [02:47 21/01/2008] [02:47 21/01/2008] 41D5557C2D119C93CFEE9BEE27A97E1A
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TerminalServices-RemoteConnectionManager-DL.man --a---- 1329 bytes [02:47 21/01/2008] [02:47 21/01/2008] 87BDFDD25EDC302A438D3BEC35EFF509
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TerminalServices-SessionDirectory-Client-DL.man --a---- 2215 bytes [02:47 21/01/2008] [02:47 21/01/2008] B413D47A7BD85710D2C521ED604EA881
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TerminalServices-TerminalServicesClient-DL.man --a---- 1784 bytes [15:01 02/11/2006] [15:01 02/11/2006] A81BB134CF54A52C20F67AEBFD351D5B
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\TextServicesFramework-Migration-DL.man --a---- 2154 bytes [15:01 02/11/2006] [15:01 02/11/2006] A39976AE141A764DA2C061E1B9D6B7AB
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\UDDIServices-SDP-DL.man --a---- 1518 bytes [15:02 02/11/2006] [15:02 02/11/2006] 5030420A481EFE7DBB731E331F85DC59
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\UDDIServicesDatabase-SDP-DL.man --a---- 1306 bytes [15:02 02/11/2006] [15:02 02/11/2006] 53C8921A817AB7935BC839AC366083B8
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\UDDIServicesWeb-SDP-DL.man --a---- 1315 bytes [15:01 02/11/2006] [15:01 02/11/2006] 96B3676F32D512035B283B5371E49CEC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\Web-Services-for-Management-Core-DL.man --a---- 1914 bytes [02:47 21/01/2008] [02:47 21/01/2008] 2A110F0D2AE009C4F5CC41CB754B3A93
C:\Windows\winsxs\amd64_microsoft-windows-m..providers.resources_31bf3856ad364e35_6.0.6000.16386_en-us_b616cca68a2f37ed\AuxiliaryDisplayServices.dll.mui --a---- 4096 bytes [15:14 02/11/2006] [15:14 02/11/2006] 7A4C561BF42E644A34C10660FD00234D
C:\Windows\winsxs\amd64_microsoft-windows-m..systemdataproviders_31bf3856ad364e35_6.0.6001.18000_none_645fbc2c54e364b6\AuxiliaryDisplayServices.dll --a---- 128512 bytes [02:51 21/01/2008] [02:51 21/01/2008] 927DB5773BA023461E1BC267FC2B46F7
C:\Windows\winsxs\amd64_microsoft-windows-m..systemdataproviders_31bf3856ad364e35_6.0.6001.18000_none_645fbc2c54e364b6\auxiliarydisplayservices.mof --a---- 3039 bytes [15:04 02/11/2006] [15:04 02/11/2006] 55CDB0BF117EC597F3B1065CDADE98DB
C:\Windows\winsxs\amd64_microsoft-windows-m..systemdataproviders_31bf3856ad364e35_6.0.6002.18005_none_664b353852053002\AuxiliaryDisplayServices.dll --a---- 126464 bytes [23:04 18/06/2009] [07:11 11/04/2009] FCBF244FE64C227839EC365333CBE79B
C:\Windows\winsxs\amd64_microsoft-windows-m..systemdataproviders_31bf3856ad364e35_6.0.6002.18005_none_664b353852053002\auxiliarydisplayservices.mof --a---- 3039 bytes [15:04 02/11/2006] [15:04 02/11/2006] 55CDB0BF117EC597F3B1065CDADE98DB
C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc --a---- 92745 bytes [15:13 02/11/2006] [15:13 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof --a---- 2866 bytes [09:10 02/11/2006] [21:44 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [23:04 18/06/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof --a---- 2866 bytes [09:10 02/11/2006] [21:44 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc --a---- 92745 bytes [07:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\amd64_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.0.6000.16386_none_789e0c43924f86bd\TableTextServiceSimplifiedShuangPin.txt --a---- 1445244 bytes [07:19 02/11/2006] [01:07 27/09/2006] 5376E1CA5D7CB4ADD4CD69C3557A3F76
C:\Windows\winsxs\amd64_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.0.6002.18005_none_7cc0474b8c5c62dd\TableTextServiceSimplifiedShuangPin.txt --a---- 1445430 bytes [23:03 18/06/2009] [18:41 18/02/2009] 51B31EB324CB5C6936D7A14D49B0BD67
C:\Windows\winsxs\amd64_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.0.6000.16386_none_51ac7ce47bb7399c\TableTextServiceSimplifiedQuanPin.txt --a---- 1665692 bytes [07:19 02/11/2006] [01:07 27/09/2006] 44159F717B2A95551F0C6959C18B11DD
C:\Windows\winsxs\amd64_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.0.6002.18005_none_55ceb7ec75c415bc\TableTextServiceSimplifiedQuanPin.txt --a---- 1665878 bytes [23:03 18/06/2009] [18:41 18/02/2009] 532ED87BB64CF19C58AE0F91FA439983
C:\Windows\winsxs\amd64_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.0.6000.16386_none_bd3e5593e4d8cbd8\TableTextServiceSimplifiedZhengMa.txt --a---- 1810166 bytes [07:19 02/11/2006] [01:07 27/09/2006] AF4BE34135F5DCA765C7596C1933400E
C:\Windows\winsxs\amd64_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.0.6002.18005_none_c160909bdee5a7f8\TableTextServiceSimplifiedZhengMa.txt --a---- 1810352 bytes [23:03 18/06/2009] [18:41 18/02/2009] 6D2BE04D9605C2D479E3CD205C406D7C
C:\Windows\winsxs\amd64_microsoft-windows-t..onmanager-uieffects_31bf3856ad364e35_6.0.6001.18000_none_53855fefaf493b03\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms --a---- 3084 bytes [02:50 21/01/2008] [02:50 21/01/2008] EF69DF85AB10D5E0A2580C77C4159CED
C:\Windows\winsxs\amd64_microsoft-windows-t..tionmanager-license_31bf3856ad364e35_6.0.6001.18000_none_551e3820877ffaca\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms --a---- 4021 bytes [02:51 21/01/2008] [02:51 21/01/2008] EA7D65DF4D562F91CD3C0B9342C6E4E6
C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services --a---- 17244 bytes [06:42 02/11/2006] [21:37 18/09/2006] 9F534244B7F8F55D5C0BB498D8D481E7
C:\Windows\winsxs\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_6ad7c16c2e9b895e\webservices.dll.mui --a---- 194560 bytes [20:32 22/10/2010] [09:52 04/08/2009] 96F3B3CF30D9737A122ED91CF9F36C96
C:\Windows\winsxs\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_6a9cfa02e70ddb2b\webservices.dll --a---- 1103872 bytes [20:32 22/10/2010] [08:12 04/08/2009] 2EEAFB668358C3F42E192F95383D86C6
C:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_0ade4fd9a3068f91\System.EnterpriseServices.Thunk.dll --a---- 55296 bytes [06:37 02/11/2006] [01:12 20/10/2006] 212429D04D97833392A999ED24024DB3
C:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_0ad8d63da30b5f05\System.EnterpriseServices.Thunk.dll --a---- 63536 bytes [02:51 05/06/2009] [17:59 27/07/2008] B353161E2987F8D2A0B8C2589262AAE1
C:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_f410ece1bcada3f8\System.EnterpriseServices.Thunk.dll --a---- 63536 bytes [02:51 05/06/2009] [17:55 27/07/2008] B353161E2987F8D2A0B8C2589262AAE1
C:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_0ab2d195a35e385d\System.EnterpriseServices.Thunk.dll --a---- 63536 bytes [02:50 21/01/2008] [02:50 21/01/2008] EECC74D471F4A1D95B96DE8D77E6737B
C:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_0ab3baf3a35d6ba6\System.EnterpriseServices.Thunk.dll --a---- 63536 bytes [02:51 05/06/2009] [18:01 27/07/2008] B353161E2987F8D2A0B8C2589262AAE1
C:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_f3e82b8fbd02e4b9\System.EnterpriseServices.Thunk.dll --a---- 63536 bytes [02:51 05/06/2009] [18:02 27/07/2008] B353161E2987F8D2A0B8C2589262AAE1
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_21f9649f8d9e04b3\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [06:37 02/11/2006] [01:12 20/10/2006] 6BDB34DABC3E43A399782FEEF2531616
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16720_none_21f3eb038da2d427\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [17:59 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.20883_none_0b2c01a7a745191a\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [17:55 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_21cde65b8df5ad7f\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:49 21/01/2008] [02:49 21/01/2008] 710FC83A1C3E2C64F18C342E22C57BA9
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18111_none_21cecfb98df4e0c8\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [18:01 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.22230_none_0b034055a79a59db\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [18:02 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_21a96b978e474193\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [23:03 18/06/2009] [04:39 30/03/2009] 891AA60D72C0D51286FD7792D53C2A12
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16386_none_4285eaf0e39925b4\System.DirectoryServices.dll --a---- 397312 bytes [06:37 02/11/2006] [01:12 20/10/2006] 7E1FC67900EA31FA56A6B7542FA27E17
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16720_none_42807154e39df528\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [17:59 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6000.20883_none_2bb887f8fd403a1b\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [17:55 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18000_none_425a6cace3f0ce80\System.DirectoryServices.dll --a---- 401408 bytes [02:50 21/01/2008] [02:50 21/01/2008] BB8F8C6047F473CAD5430266FB69A7DA
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18111_none_425b560ae3f001c9\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [18:01 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6001.22230_none_2b8fc6a6fd957adc\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [18:02 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6002.18005_none_4235f1e8e4426294\System.DirectoryServices.dll --a---- 401408 bytes [23:03 18/06/2009] [04:39 30/03/2009] 85290FF9B6B3A161E95AFCCC22480347
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6000.16386_none_245b513027fdccff\System.Web.Services.dll --a---- 823296 bytes [06:37 02/11/2006] [01:12 20/10/2006] D01562C5557F59B26ACA8CEA328B8BC7
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6000.16720_none_2455d79428029c73\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [17:59 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6000.20883_none_0d8dee3841a4e166\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [17:55 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_242fd2ec285575cb\System.Web.Services.dll --a---- 839680 bytes [02:48 21/01/2008] [02:48 21/01/2008] 553A64D2555FD7AD7688415ABA48F666
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6001.18111_none_2430bc4a2854a914\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [18:01 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6001.22230_none_0d652ce641fa2227\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [18:02 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6002.18005_none_240b582828a709df\System.Web.Services.dll --a---- 839680 bytes [23:03 18/06/2009] [04:39 30/03/2009] D59A5B6EBFCE6DBF9EE5D8A72EB8219B
C:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16386_none_d44833384d3d995c\System.EnterpriseServices.tlb --a---- 33280 bytes [06:37 02/11/2006] [01:12 20/10/2006] 6796433471517FEBC073BD1F36FAF7CC
C:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16720_none_d442b99c4d4268d0\System.EnterpriseServices.tlb --a---- 33280 bytes [02:51 05/06/2009] [17:59 27/07/2008] B0CA4F11E08FF871C386A1B12B49DE68
C:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.20883_none_bd7ad04066e4adc3\System.EnterpriseServices.tlb --a---- 33280 bytes [02:51 05/06/2009] [17:55 27/07/2008] B0CA4F11E08FF871C386A1B12B49DE68
C:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.18111_none_d41d9e524d947571\System.EnterpriseServices.tlb --a---- 33280 bytes [02:51 05/06/2009] [18:01 27/07/2008] B0CA4F11E08FF871C386A1B12B49DE68
C:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.22230_none_bd520eee6739ee84\System.EnterpriseServices.tlb --a---- 33280 bytes [02:51 05/06/2009] [18:02 27/07/2008] B0CA4F11E08FF871C386A1B12B49DE68
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_8e24e6909943be6e\System.EnterpriseServices.dll --a---- 245760 bytes [06:37 02/11/2006] [01:12 20/10/2006] F9E8F644A0B6283DB2E6ADE9FE83AD78
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_8e24e6909943be6e\System.EnterpriseServices.Wrapper.dll --a---- 132608 bytes [06:37 02/11/2006] [01:12 20/10/2006] 333C8683FFC0B3FAFB141D5A52C7AD02
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16720_none_8e1f6cf499488de2\System.EnterpriseServices.dll --a---- 245760 bytes [02:51 05/06/2009] [17:59 27/07/2008] B3F1206075ED3EFBA4A76525979193B8
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16720_none_8e1f6cf499488de2\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [02:51 05/06/2009] [17:59 27/07/2008] 1F29B0E5A6F27DFFD7FA14771F4C6F60
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.20883_none_77578398b2ead2d5\System.EnterpriseServices.dll --a---- 245760 bytes [02:51 05/06/2009] [17:55 27/07/2008] B3F1206075ED3EFBA4A76525979193B8
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.20883_none_77578398b2ead2d5\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [02:51 05/06/2009] [17:55 27/07/2008] 1F29B0E5A6F27DFFD7FA14771F4C6F60
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18000_none_8df9684c999b673a\System.EnterpriseServices.dll --a---- 245760 bytes [02:49 21/01/2008] [02:49 21/01/2008] 44FC17E7647D63E474B9B60443C68D33
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18000_none_8df9684c999b673a\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [02:49 21/01/2008] [02:49 21/01/2008] 56AB85D794792AD1538C8F31B7F23506
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18111_none_8dfa51aa999a9a83\System.EnterpriseServices.dll --a---- 245760 bytes [02:51 05/06/2009] [18:01 27/07/2008] B3F1206075ED3EFBA4A76525979193B8
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18111_none_8dfa51aa999a9a83\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [02:51 05/06/2009] [18:01 27/07/2008] 1F29B0E5A6F27DFFD7FA14771F4C6F60
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.22230_none_772ec246b3401396\System.EnterpriseServices.dll --a---- 245760 bytes [02:51 05/06/2009] [18:02 27/07/2008] B3F1206075ED3EFBA4A76525979193B8
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.22230_none_772ec246b3401396\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [02:51 05/06/2009] [18:02 27/07/2008] 1F29B0E5A6F27DFFD7FA14771F4C6F60
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6002.18005_none_8dd4ed8899ecfb4e\System.EnterpriseServices.dll --a---- 245760 bytes [23:03 18/06/2009] [04:39 30/03/2009] AA4C3ECE83885A66F5DB8AAA198FA483
C:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6002.18005_none_8dd4ed8899ecfb4e\System.EnterpriseServices.Wrapper.dll --a---- 133120 bytes [23:03 18/06/2009] [04:39 30/03/2009] B04EACD1953BC542AF58FC9DA6B3056F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_2afbe1e9a993c20d.manifest --a---- 7342 bytes [03:11 21/01/2008] [02:55 21/01/2008] 1DAC8012273045107AFA68A661CD894E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_2afbe1e9a993c20d_ntdsapi.dll_23e20303 --a---- 146432 bytes [03:11 21/01/2008] [02:55 21/01/2008] 33741BA808457C9AF07055C0FBEFE973
C:\Windows\winsxs\Backup\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_2afbe1e9a993c20d_w32topl.dll_1a0f388b --a---- 34304 bytes [03:11 21/01/2008] [02:55 21/01/2008] E3E0DAA2CD7A5B0AA102C4FF1329B921
C:\Windows\winsxs\Backup\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_0ff86ded5673cae6.manifest --a---- 96214 bytes [23:26 18/06/2009] [23:14 18/06/2009] 926AA4E7640A933AD9515B467C2E8EA1
C:\Windows\winsxs\Backup\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_0ff86ded5673cae6_samlib.dll_caeebf04 --a---- 99328 bytes [23:26 18/06/2009] [23:14 18/06/2009] 5279672A8BDAF3CFB0A4C6E0591987AC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_0ff86ded5673cae6_samsrv.dll_b7a400ca --a---- 671744 bytes [23:26 18/06/2009] [23:14 18/06/2009] 60EEC5440C2D05E5FDA04900E45FF717
C:\Windows\winsxs\Backup\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_0ff86ded5673cae6_samsrv.mof_b7a3f662 --a---- 61288 bytes [23:26 18/06/2009] [23:14 18/06/2009] 12A112FFC14DD4CFCF423F119B8E0D35
C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23_services.exe.mui_86ea5e71 --a---- 17408 bytes [15:15 02/11/2006] [15:14 02/11/2006] F514B57C09E143F1E14415A9E9ADD695
C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c_services.exe_abfc33da --a---- 384512 bytes [23:26 18/06/2009] [23:15 18/06/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c_services.mof_abfc36b4 --a---- 2866 bytes [23:26 18/06/2009] [23:15 18/06/2009] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\Backup\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_38fe8ae8845e5731.manifest --a---- 6181 bytes [03:09 21/01/2008] [02:55 21/01/2008] F9303C9086C2FB5439D7AF97D4D74C48
C:\Windows\winsxs\Backup\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_38fe8ae8845e5731_winsta.dll_4e6f9a4e --a---- 205312 bytes [03:09 21/01/2008] [02:55 21/01/2008] 1671EF15434501ABBE9E7BE905EF998B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_234f86e17eb2ad51.manifest --a---- 5516 bytes [03:10 21/01/2008] [02:55 21/01/2008] 7C3BA8DC917FF6522930398300779FFF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_234f86e17eb2ad51_wtsapi32.dll_470d4d41 --a---- 31232 bytes [03:10 21/01/2008] [02:55 21/01/2008] 6C2D2558DECB89C83873F80160D19F2C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_333f6de675986eae.manifest --a---- 3842 bytes [15:15 02/11/2006] [15:14 02/11/2006] 24297C213B5A362E8723E7003105FB3B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_333f6de675986eae_sti.dll.mui_00a4f15b --a---- 6656 bytes [15:15 02/11/2006] [15:14 02/11/2006] 7A17EA8AABB9B774908D305BC7E58F4F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_333f6de675986eae_wiaservc.dll.mui_54051b53 --a---- 2560 bytes [15:15 02/11/2006] [15:14 02/11/2006] E7FA97889A20765E053CAC7D48BBC535
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f_services_d4a357ca --a---- 17244 bytes [03:10 21/01/2008] [02:55 21/01/2008] 9F534244B7F8F55D5C0BB498D8D481E7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_909e4fa168d29889.manifest --a---- 133184 bytes [23:26 18/06/2009] [23:14 18/06/2009] 821DBFEAF6A8C602CB3FE810D723C2A3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_909e4fa168d29889_sti.dll_d93e8a42 --a---- 286720 bytes [23:26 18/06/2009] [23:14 18/06/2009] 664FD33C1651DE98EECC46572A284EE0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_909e4fa168d29889_wiarpc.dll_5aecac54 --a---- 41472 bytes [23:26 18/06/2009] [23:14 18/06/2009] 808A26DA7028B02A081A5A1BCBF69A2A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_909e4fa168d29889_wiaservc.dll_08fa1e78 --a---- 572416 bytes [23:26 18/06/2009] [23:14 18/06/2009] 15825C1FBFB8779992CB65087F316AF5
C:\Windows\winsxs\Backup\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_909e4fa168d29889_wiatrace.dll_dfb4e972 --a---- 14848 bytes [23:26 18/06/2009] [23:14 18/06/2009] 3E5EF481EAA9695181B6C02A2B88983E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_6ad7c16c2e9b895e.manifest --a---- 1413 bytes [20:32 22/10/2010] [20:32 22/10/2010] 1482E02C684D4E65171555D2C9D04245
C:\Windows\winsxs\Backup\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_6ad7c16c2e9b895e_webservices.dll.mui_eecc809d --a---- 194560 bytes [20:32 22/10/2010] [20:32 22/10/2010] 96F3B3CF30D9737A122ED91CF9F36C96
C:\Windows\winsxs\Backup\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_6a9cfa02e70ddb2b.manifest --a---- 2037 bytes [20:32 22/10/2010] [20:32 22/10/2010] 7C6AC1A7FEFE0C97B7AFFE67E5D640E1
C:\Windows\winsxs\Backup\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_6a9cfa02e70ddb2b_webservices.dll_58f50a80 --a---- 1103872 bytes [20:32 22/10/2010] [20:32 22/10/2010] 2EEAFB668358C3F42E192F95383D86C6
C:\Windows\winsxs\Backup\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_1a4d183f8ad48ce1.manifest --a---- 92228 bytes [23:26 18/06/2009] [23:14 18/06/2009] 8B53343214D4C48E54FEFE7F22A43E2F
C:\Windows\winsxs\Backup\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_1a4d183f8ad48ce1_samlib.dll_caeebf04 --a---- 57344 bytes [23:26 18/06/2009] [23:14 18/06/2009] 453DE2958C885527E20C79A3FEFE6AF7
C:\Windows\winsxs\Backup\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_1a4d183f8ad48ce1_samsrv.mof_b7a3f662 --a---- 61288 bytes [23:26 18/06/2009] [23:14 18/06/2009] 12A112FFC14DD4CFCF423F119B8E0D35
C:\Windows\winsxs\Backup\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_9af2f9f39d335a84.manifest --a---- 95256 bytes [23:26 18/06/2009] [23:14 18/06/2009] 96928E7F67113D74423A00930E8627B5
C:\Windows\winsxs\Backup\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_9af2f9f39d335a84_sti.dll_d93e8a42 --a---- 198144 bytes [23:26 18/06/2009] [23:14 18/06/2009] 365828E555E9479246EFD9090C41C2D7
C:\Windows\winsxs\Backup\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_9af2f9f39d335a84_wiatrace.dll_dfb4e972 --a---- 12800 bytes [23:26 18/06/2009] [23:14 18/06/2009] 428FF21418ADCD6FAD6189CD9520A67B
C:\Windows\winsxs\Backup\wow64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_752c6bbe62fc4b59.manifest --a---- 1413 bytes [20:32 22/10/2010] [20:32 22/10/2010] C782C01BAC16AAEE05C84C205312EA51
C:\Windows\winsxs\Backup\wow64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_752c6bbe62fc4b59_webservices.dll.mui_eecc809d --a---- 204800 bytes [20:32 22/10/2010] [20:32 22/10/2010] 96DE24090E0C41639B50C3F14386CC12
C:\Windows\winsxs\Backup\wow64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_74f1a4551b6e9d26.manifest --a---- 2286 bytes [20:32 22/10/2010] [20:32 22/10/2010] 75DE9FAF5ADA4611184AE6C0819BC59E
C:\Windows\winsxs\Backup\wow64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_74f1a4551b6e9d26_webservices.dll_58f50a80 --a---- 754688 bytes [20:32 22/10/2010] [20:32 22/10/2010] E4783742790B2084EFCBF6AE8968A73D
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7.manifest --a---- 7273 bytes [03:10 21/01/2008] [02:55 21/01/2008] 7EC1383B23F3BCDBFB8E3649E9668736
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7_ntdsapi.dll_23e20303 --a---- 88576 bytes [03:10 21/01/2008] [02:55 21/01/2008] 7F0F1D4B0D847696F8E309423D227DCE
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7_w32topl.dll_1a0f388b --a---- 26624 bytes [03:10 21/01/2008] [02:55 21/01/2008] 091D2012DF6E474283F84880F4DDA51A
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced_services.exe.mui_86ea5e71 --a---- 17920 bytes [15:15 02/11/2006] [15:14 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56_services.exe_abfc33da --a---- 279552 bytes [23:26 18/06/2009] [23:14 18/06/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\Backup\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56_services.mof_abfc36b4 --a---- 2866 bytes [23:26 18/06/2009] [23:14 18/06/2009] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\Backup\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_dcdfef64cc00e5fb.manifest --a---- 6159 bytes [03:10 21/01/2008] [02:55 21/01/2008] 5376F384A38FCFB494C45C9DFE630581
C:\Windows\winsxs\Backup\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_dcdfef64cc00e5fb_winsta.dll_4e6f9a4e --a---- 140800 bytes [03:10 21/01/2008] [02:55 21/01/2008] 4AAFC7461633848AA87A363B2CBEC522
C:\Windows\winsxs\Backup\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_c730eb5dc6553c1b.manifest --a---- 5498 bytes [03:11 21/01/2008] [02:55 21/01/2008] B1BDAB6E2935160FF4D5E9126ED4D229
C:\Windows\winsxs\Backup\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_c730eb5dc6553c1b_wtsapi32.dll_470d4d41 --a---- 26624 bytes [03:11 21/01/2008] [02:55 21/01/2008] F42483814FC39170B3982A184EC5AAA2
C:\Windows\winsxs\Backup\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d720d262bd3afd78.manifest --a---- 3840 bytes [15:15 02/11/2006] [15:14 02/11/2006] CBD55AEAFA52B5EEBCE4F8222AF7D7EB
C:\Windows\winsxs\Backup\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d720d262bd3afd78_sti.dll.mui_00a4f15b --a---- 7168 bytes [15:15 02/11/2006] [15:14 02/11/2006] 1A4D930B0C21716249256FBF03163D49
C:\Windows\winsxs\Backup\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d720d262bd3afd78_wiaservc.dll.mui_54051b53 --a---- 3072 bytes [15:15 02/11/2006] [15:14 02/11/2006] 1B3D206BFCF59C50266BC107FE03410E
C:\Windows\winsxs\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-directoryservices-adam-dl_6c3018cc6f347ede.cdf-ms --a---- 936 bytes [15:07 02/11/2006] [02:54 21/01/2008] F99AA1B1893DF7C3067D9C73BB4C0951
C:\Windows\winsxs\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms --a---- 1464 bytes [15:07 02/11/2006] [23:14 18/06/2009] 6A21B78DF074DE26A723CCC9A26361C6
C:\Windows\winsxs\FileMaps\$$_syswow64_migwiz_dlmanifests_microsoft-windows-directoryservices-adam-dl_f3fca213969e9fd8.cdf-ms --a---- 932 bytes [15:07 02/11/2006] [02:54 21/01/2008] E2029BDD2685CFC860849078B7CF3BF4
C:\Windows\winsxs\FileMaps\$$_syswow64_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_c487ba76d2956e8b.cdf-ms --a---- 1460 bytes [15:07 02/11/2006] [23:14 18/06/2009] DB899465005D2D006AE5EB0BC8ACBE54
C:\Windows\winsxs\FileMaps\program_files_common_files_services_e36ba211a9258e5f.cdf-ms --a---- 692 bytes [13:08 02/11/2006] [13:06 02/11/2006] 828266F47B9B18E1AC4A2D2B3184BE59
C:\Windows\winsxs\FileMaps\program_files_x86_common_files_services_6790b84ed64d877a.cdf-ms --a---- 696 bytes [13:08 02/11/2006] [13:06 02/11/2006] 0372186DF452E55F1B60FB9417CFF4D6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.0.6000.16386_none_c89cffe93b498f7f.manifest --a---- 4017 bytes [12:32 02/11/2006] [12:22 02/11/2006] 3A8DE300C98DEBDEBA151516181565DD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.0.6001.18000_none_cad3c1e53834a053.manifest --a---- 4017 bytes [02:38 21/01/2008] [02:38 21/01/2008] F62ED5230D857C3597C625869E4C60B9
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6000.16386_none_28c51fedaca8b139.manifest --a---- 7342 bytes [12:30 02/11/2006] [12:19 02/11/2006] 61D5438E6851E8F24199C3817E1B5B89
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_2afbe1e9a993c20d.manifest --a---- 7342 bytes [02:40 21/01/2008] [02:40 21/01/2008] 1DAC8012273045107AFA68A661CD894E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.0.6000.16386_none_2303334e602a5e20.manifest --a---- 2670 bytes [12:32 02/11/2006] [12:21 02/11/2006] 1D158E0816380CD7EA6A1135204BA43D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_0bd632e55c66eec6.manifest --a---- 94298 bytes [12:30 02/11/2006] [12:22 02/11/2006] B81A5E2606D0A1C5E1E6411EF2C20B67
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_0e0cf4e15951ff9a.manifest --a---- 96218 bytes [02:39 21/01/2008] [02:39 21/01/2008] 5BE7B8D0B934FC18FC030CFD7FEA5B12
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_0ff86ded5673cae6.manifest ------- 96214 bytes [22:44 18/06/2009] [04:45 11/04/2009] 926AA4E7640A933AD9515B467C2E8EA1
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.0.6000.16386_none_1751578bdd10ba8b.manifest --a---- 23023 bytes [14:59 02/11/2006] [14:59 02/11/2006] E9A03F5CA7EAB515A46C1BF30136C3EC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.0.6001.18000_none_19881987d9fbcb5f.manifest --a---- 23023 bytes [02:43 21/01/2008] [02:43 21/01/2008] 11CB2589B9D38EB1E3F74BBAEAFD1582
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.0.6000.16386_none_ff5ad861f780763c.manifest --a---- 23002 bytes [14:59 02/11/2006] [14:59 02/11/2006] 8FA9277BB4AA395E9F4A487809993060
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.0.6001.18000_none_01919a5df46b8710.manifest --a---- 23002 bytes [02:43 21/01/2008] [02:43 21/01/2008] 65EDB92A2EFB9D30AE2B9B49DB7ED1B0
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ehome-services-ehstart_31bf3856ad364e35_6.0.6000.16386_none_073c1925f264e317.manifest --a---- 7623 bytes [14:59 02/11/2006] [14:59 02/11/2006] BEF72388E7259213917B52A74DFA8A3A
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-live-services_31bf3856ad364e35_6.0.6000.16386_none_2f935da747417d1f.manifest --a---- 11417 bytes [14:59 02/11/2006] [14:59 02/11/2006] 6615FE46CD4C38F4A1272352E0B759EC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..ityanalysisservices_31bf3856ad364e35_6.0.6000.16386_none_00805744bd055ed8.manifest --a---- 2934 bytes [12:32 02/11/2006] [12:15 02/11/2006] F0F4610C0F345BA91C4B74745D5E8015
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_0fa33328c0c01e47.manifest --a---- 7946 bytes [12:30 02/11/2006] [12:21 02/11/2006] D804E9366BF3AD41363110984DF436F5
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b.manifest --a---- 8441 bytes [02:41 21/01/2008] [02:41 21/01/2008] BC3FACD783F7E89EE4AF027FF5BB2948
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_294bbc2c012d4545.manifest --a---- 3750 bytes [12:32 02/11/2006] [12:23 02/11/2006] A4AF23F3CDCB58D951B83573D7B545BA
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619.manifest --a---- 3750 bytes [02:42 21/01/2008] [02:42 21/01/2008] 7FE3045243BC66D262400AD03C3D758E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services_31bf3856ad364e35_6.0.6000.16386_none_70b76252bdf84812.manifest --a---- 1555 bytes [12:31 02/11/2006] [12:16 02/11/2006] 99BCC24D5C5860DB8639FB39AEE3C321
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.0.6000.16386_none_65740ec286cfbbc3.manifest --a---- 44740 bytes [12:32 02/11/2006] [12:21 02/11/2006] 724F80A9A7F3672093AE447417872C18
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.0.6001.18000_none_67aad0be83bacc97.manifest --a---- 46779 bytes [02:40 21/01/2008] [02:40 21/01/2008] BD931415A09D1F177ABC85C0C27B4B4E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.0.6000.16386_none_7695045bd4852384.manifest --a---- 270820 bytes [15:00 02/11/2006] [15:00 02/11/2006] 015700B9511D7D00CC7B65B55E571F73
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.0.6001.18000_none_78cbc657d1703458.manifest --a---- 270820 bytes [02:43 21/01/2008] [02:43 21/01/2008] 998E8761400AE331914CACD2109FC5EA
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.0.6002.18005_none_7ab73f63ce91ffa4.manifest ------- 270820 bytes [22:45 18/06/2009] [04:43 11/04/2009] 1A4F491D955EB2DE883D8D746D67B6E3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.0.6000.16386_none_27c0a102d4b55470.manifest --a---- 7378 bytes [12:32 02/11/2006] [12:20 02/11/2006] 9F072E56BFADB25060E2DF2B39648CA7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.0.6001.18000_none_29f762fed1a06544.manifest --a---- 7378 bytes [02:41 21/01/2008] [02:41 21/01/2008] 7BD62366E7317D89071AECC3F6D6BC90
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6000.16386_none_a7c4271cdc89f060.manifest --a---- 24732 bytes [12:32 02/11/2006] [12:21 02/11/2006] D003EA7A9D1EA402E0EEF1CD5589B1ED
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18000_none_a9fae918d9750134.manifest --a---- 25375 bytes [02:41 21/01/2008] [02:41 21/01/2008] 08F9BFD0AA8EC7E52FA0360944921EE8
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18564_none_a9be1436d9a1fff9.manifest ------- 26821 bytes [05:08 09/03/2011] [11:27 20/12/2010] 39E1299E58DFD4B9108AAEA9EF00C014
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.22815_none_aa7ec4b3f29627b3.manifest ------- 25375 bytes [05:08 09/03/2011] [17:10 17/12/2010] 1401BBAEFF87AA7DBC2637DBA5A2CE37
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.18005_none_abe66224d696cc80.manifest ------- 25375 bytes [22:45 18/06/2009] [04:44 11/04/2009] AEAB66C1164A08986B3A4A66B87B76C7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.18356_none_abb15884d6be6901.manifest ------- 26821 bytes [05:08 09/03/2011] [11:27 20/12/2010] 11D4BD4C4350680CED80EFC413DA79CD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.22550_none_ac34f579efe16de8.manifest ------- 25375 bytes [05:08 09/03/2011] [17:54 17/12/2010] 671C1A1462BEBA89C78B431627635095
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6000.16386_none_ab37f1cdb1ecaa70.manifest --a---- 8763 bytes [12:31 02/11/2006] [12:21 02/11/2006] 94675DDBEE5990A43EDCE0C71362A030
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6001.18000_none_ad6eb3c9aed7bb44.manifest --a---- 8718 bytes [02:41 21/01/2008] [02:41 21/01/2008] E74AD6F3A3FC727A898A746692A1FE6F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6000.16386_none_36c7c8ec8773465d.manifest --a---- 6181 bytes [12:30 02/11/2006] [12:18 02/11/2006] F7451CC968BD76955CE7CA87AD935236
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_38fe8ae8845e5731.manifest --a---- 6181 bytes [02:40 21/01/2008] [02:40 21/01/2008] F9303C9086C2FB5439D7AF97D4D74C48
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6000.16386_none_8b816fd903b3fbdb.manifest --a---- 4297 bytes [12:31 02/11/2006] [12:18 02/11/2006] 18FAD4262EAFB4A4271A71E787128139
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6001.18000_none_8db831d5009f0caf.manifest --a---- 4297 bytes [02:37 21/01/2008] [02:37 21/01/2008] 3969CC9BCED2657403D5B70A1E51148E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6002.18005_none_8fa3aae0fdc0d7fb.manifest ------- 4297 bytes [22:45 18/06/2009] [04:41 11/04/2009] FD4850F079C5DC16DE9D4A8C1C633CD7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.0.6000.16386_none_6b65c36d4cb127a9.manifest --a---- 5648 bytes [12:32 02/11/2006] [12:20 02/11/2006] 674DF41A3C3A919ECD3F28E7785E3194
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.0.6001.18000_none_6d9c8569499c387d.manifest --a---- 5648 bytes [02:39 21/01/2008] [02:39 21/01/2008] 6F450E2BC6C3761FC9148B496D7F122D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.16386_none_2118c4e581c79c7d.manifest --a---- 5516 bytes [12:30 02/11/2006] [12:19 02/11/2006] C1C910490270A8A4D7DC767E41D33DDF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_234f86e17eb2ad51.manifest --a---- 5516 bytes [02:40 21/01/2008] [02:40 21/01/2008] 7C3BA8DC917FF6522930398300779FFF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.0.6000.16386_none_5ede6b3b68ebe698.manifest --a---- 11940 bytes [12:32 02/11/2006] [12:22 02/11/2006] 1A0FC16CDFE2C0AD5AFC3BCE866E376F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.0.6001.18000_none_61152d3765d6f76c.manifest --a---- 11940 bytes [02:39 21/01/2008] [02:39 21/01/2008] 012FFDF6781AAE42FDF765EB4F795EE9
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6b49cc4503af74d5.manifest --a---- 2498 bytes [15:11 02/11/2006] [15:11 02/11/2006] 1255CE7CF6E76F20E4A6340B5D865DBB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-terminalservices-core_31bf3856ad364e35_6.0.6000.16386_none_446a1034405ab3fc.manifest --a---- 2085 bytes [12:31 02/11/2006] [12:16 02/11/2006] 5756F33A5EF2488FCA6000F1DAF9B92C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-terminalservices-rdp_31bf3856ad364e35_6.0.6000.16386_none_b5fa82f57281ad0d.manifest --a---- 2830 bytes [12:32 02/11/2006] [12:16 02/11/2006] C7FE7032BDC4C263F47DFAD8A233FD59
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6000.16386_none_2fcde9643641b726.manifest --a---- 22827 bytes [12:32 02/11/2006] [12:17 02/11/2006] D3F692AE5467D6E11063529F53AE07F0
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6001.18000_none_3204ab60332cc7fa.manifest --a---- 16582 bytes [02:38 21/01/2008] [02:38 21/01/2008] 75B3C5F5748AEBB1A17DFD294E3CC2FF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6002.18005_none_33f0246c304e9346.manifest ------- 16574 bytes [22:45 18/06/2009] [04:40 11/04/2009] D09F5BB6A90223C5A0197D0FE4A47E49
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_333f6de675986eae.manifest --a---- 3842 bytes [15:11 02/11/2006] [15:11 02/11/2006] 24297C213B5A362E8723E7003105FB3B
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_8c7c14996ec5bc69.manifest --a---- 133555 bytes [14:59 02/11/2006] [14:59 02/11/2006] 9E2EA32E1F14AEBB435F4F29C3E6CC31
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_8eb2d6956bb0cd3d.manifest --a---- 133232 bytes [02:36 21/01/2008] [02:36 21/01/2008] 9E48D1BFF59D1E61CF031FA5EE1D208B
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_909e4fa168d29889.manifest ------- 133184 bytes [22:45 18/06/2009] [05:09 11/04/2009] 821DBFEAF6A8C602CB3FE810D723C2A3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-webservices-deployment_31bf3856ad364e35_6.0.6001.18302_none_eb831a33fec983a3.manifest ------- 1553 bytes [20:32 22/10/2010] [20:32 22/10/2010] 19EE23D7E72F36F6E4E0F32D56D53C78
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-webservices-events_31bf3856ad364e35_6.0.6001.18302_none_f4c8cf1b77b6e125.manifest ------- 50101 bytes [20:32 22/10/2010] [09:51 04/08/2009] 03CBF44DA934602CBD3578A97A557EA3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_6ad7c16c2e9b895e.manifest ------- 1413 bytes [20:32 22/10/2010] [09:52 04/08/2009] 1482E02C684D4E65171555D2C9D04245
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_6a9cfa02e70ddb2b.manifest ------- 2037 bytes [20:32 22/10/2010] [09:51 04/08/2009] 7C6AC1A7FEFE0C97B7AFFE67E5D640E1
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_21f9649f8d9e04b3.manifest --a---- 4444 bytes [12:31 02/11/2006] [12:17 02/11/2006] D74FDCA0393766256EE2058E18E1E1B3
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16720_none_21f3eb038da2d427.manifest ------- 4444 bytes [02:51 05/06/2009] [23:35 27/07/2008] DC88C4DCEDA57FF1016A37747546446F
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.20883_none_0b2c01a7a745191a.manifest ------- 4444 bytes [02:51 05/06/2009] [23:34 27/07/2008] 22B27C3D7A9C7E64ED279BA62F04D768
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_21cde65b8df5ad7f.manifest --a---- 4444 bytes [02:40 21/01/2008] [02:40 21/01/2008] 859D4CF6C4D2F0123E354FFB1074A0E3
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18111_none_21cecfb98df4e0c8.manifest ------- 4444 bytes [02:51 05/06/2009] [23:53 27/07/2008] 7D5D7A474884AD534394EF81751E3B43
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.22230_none_0b034055a79a59db.manifest ------- 4444 bytes [02:51 05/06/2009] [00:02 28/07/2008] DB41E8105D2CC625A6C7463C08AC519E
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_21a96b978e474193.manifest ------- 4444 bytes [22:45 18/06/2009] [04:43 11/04/2009] A811C799E79D49BF7093F238E17930B7
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16386_none_4285eaf0e39925b4.manifest --a---- 6843 bytes [12:31 02/11/2006] [12:18 02/11/2006] 2EB5374C941399E0BF610040B720318A
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16720_none_42807154e39df528.manifest ------- 6843 bytes [02:51 05/06/2009] [23:34 27/07/2008] 62B028DB5047968FD1CC8AB8DD1C60FE
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6000.20883_none_2bb887f8fd403a1b.manifest ------- 6843 bytes [02:51 05/06/2009] [23:32 27/07/2008] 802CE5D6FC577E6004E2B2CDDFA5B32F
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18000_none_425a6cace3f0ce80.manifest --a---- 6843 bytes [02:42 21/01/2008] [02:42 21/01/2008] 5832FDC3E99C5CE4EC4F8901BC8D329E
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18111_none_425b560ae3f001c9.manifest ------- 6843 bytes [02:51 05/06/2009] [23:51 27/07/2008] A957259391B04EF5A1F9E513C33795C2
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6001.22230_none_2b8fc6a6fd957adc.manifest ------- 6843 bytes [02:51 05/06/2009] [00:00 28/07/2008] 92F144D3028EDC8DEF974482C5BB527D
C:\Windows\winsxs\Manifests\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.0.6002.18005_none_4235f1e8e4426294.manifest ------- 6843 bytes [22:45 18/06/2009] [04:42 11/04/2009] 53C80876DB8D0A2F0A29356AE9AB51B6
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6000.16386_none_245b513027fdccff.manifest --a---- 5395 bytes [12:31 02/11/2006] [12:22 02/11/2006] 065A5C0C765A85A8C9D2AC84B6B5C736
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6000.16720_none_2455d79428029c73.manifest ------- 5395 bytes [02:51 05/06/2009] [23:33 27/07/2008] 263EB66376847BDB487851DE84A498E6
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6000.20883_none_0d8dee3841a4e166.manifest ------- 5395 bytes [02:51 05/06/2009] [23:31 27/07/2008] 56CE8FC29F17A5F932E2CB353FD8CA34
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_242fd2ec285575cb.manifest --a---- 5395 bytes [02:38 21/01/2008] [02:38 21/01/2008] 964697B577F395CD819DED2EA416D645
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6001.18111_none_2430bc4a2854a914.manifest ------- 5395 bytes [02:51 05/06/2009] [23:51 27/07/2008] 9A3ED8A6F296603729A0F807C575C55D
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6001.22230_none_0d652ce641fa2227.manifest ------- 5395 bytes [02:51 05/06/2009] [23:59 27/07/2008] 2185817D9893E3C93B9596D30F3D4790
C:\Windows\winsxs\Manifests\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.0.6002.18005_none_240b582828a709df.manifest ------- 5395 bytes [22:45 18/06/2009] [04:41 11/04/2009] 898B632953AF8896213B211572F69238
C:\Windows\winsxs\Manifests\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16386_none_d44833384d3d995c.manifest --a---- 2359 bytes [12:32 02/11/2006] [12:20 02/11/2006] 9BD7D445B7981C71762CAD8A7EF69DB6
C:\Windows\winsxs\Manifests\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16720_none_d442b99c4d4268d0.manifest ------- 2359 bytes [02:51 05/06/2009] [23:36 27/07/2008] 92216D2B3903AC4FE54E29081BA73CCC
C:\Windows\winsxs\Manifests\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.20883_none_bd7ad04066e4adc3.manifest ------- 2359 bytes [02:51 05/06/2009] [23:36 27/07/2008] A50C30080B8B2CAB9CB2D4F3120A1031
C:\Windows\winsxs\Manifests\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.18111_none_d41d9e524d947571.manifest ------- 2359 bytes [02:51 05/06/2009] [23:54 27/07/2008] AC1A6D949DAC96BD09034B2CFE20DC13
C:\Windows\winsxs\Manifests\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.22230_none_bd520eee6739ee84.manifest ------- 2359 bytes [02:51 05/06/2009] [00:08 28/07/2008] 61052F45661307C517451D9FB8C587CE
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6000.16386_none_0fecfa83f7e41347.manifest --a---- 147694 bytes [12:32 02/11/2006] [12:16 02/11/2006] 731996927E930ABDA9C6B0E13868035E
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6000.16720_none_1027dfe7f7b8c833.manifest ------- 147694 bytes [02:51 05/06/2009] [23:30 27/07/2008] A72BF86AC5364431A5B2D0472C069FEF
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6000.20883_none_10739e0911045ba8.manifest ------- 147694 bytes [02:51 05/06/2009] [23:27 27/07/2008] C5043EAF1201C47AA02F3520967D523C
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6001.18111_none_1219eec3f4d6568a.manifest ------- 147694 bytes [02:51 05/06/2009] [23:48 27/07/2008] 0D09CE0920D21DD68A62A2A1FFBC9C0D
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6001.22230_none_128ceb6d0e0514df.manifest ------- 147694 bytes [02:51 05/06/2009] [23:57 27/07/2008] E4955A659ADE47A090D68E69F9323B63
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_8e24e6909943be6e.manifest --a---- 49138 bytes [12:31 02/11/2006] [12:21 02/11/2006] C2939A14B6279AC0179E8DB32943B7A8
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16720_none_8e1f6cf499488de2.manifest ------- 49138 bytes [02:51 05/06/2009] [23:37 27/07/2008] 9F1742BB9B6530AF9B2529772354E03E
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.20883_none_77578398b2ead2d5.manifest ------- 49138 bytes [02:51 05/06/2009] [23:36 27/07/2008] 331EDBD08FA017A37F300A2073A64FA2
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18000_none_8df9684c999b673a.manifest --a---- 49138 bytes [02:40 21/01/2008] [02:40 21/01/2008] 798F231F162153429A6467B5F1A611E6
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18111_none_8dfa51aa999a9a83.manifest ------- 49138 bytes [02:51 05/06/2009] [23:54 27/07/2008] B1C281EB1C20B7B79D3FA89111F1F44A
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.22230_none_772ec246b3401396.manifest ------- 49138 bytes [02:51 05/06/2009] [00:08 28/07/2008] 9ABA5F56918DCB5E50337CC188D7465F
C:\Windows\winsxs\Manifests\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6002.18005_none_8dd4ed8899ecfb4e.manifest ------- 49138 bytes [22:45 18/06/2009] [04:44 11/04/2009] D4CC02EBE067EECD7CC0A0F5AA81C96A
C:\Windows\winsxs\Manifests\amd64_web-services-for-ma..oyment-languagepack_31bf3856ad364e35_7.0.6001.18181_en-us_4b44089791d40b5d.manifest ------- 3445 bytes [01:23 26/02/2011] [01:23 26/02/2011] 7BD66867396887748A6137E7D16E8218
C:\Windows\winsxs\Manifests\amd64_web-services-for-management-deployment_31bf3856ad364e35_7.0.6001.18181_none_4fb2b0bb91d38cd7.manifest ------- 3400 bytes [01:23 26/02/2011] [01:23 26/02/2011] 739D3CC6F6A6BD7848B6F2B75AE2DE21
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_af45ceab5406d544.manifest --a---- 4159 bytes [12:31 02/11/2006] [10:18 02/11/2006] 879585026C502645DAE4955C412D25EE
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16720_none_af40550f540ba4b8.manifest ------- 4159 bytes [02:51 05/06/2009] [23:17 27/07/2008] DCE556D166E39729ECBD2F0A8392578B
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.20883_none_98786bb36dade9ab.manifest ------- 4159 bytes [02:51 05/06/2009] [23:19 27/07/2008] F2E216CC3533A8056DED55BB2CB93CA0
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_af1a5067545e7e10.manifest --a---- 4159 bytes [02:39 21/01/2008] [02:39 21/01/2008] 0BF7F2EFDA9A76274D1857A0F4CB56A9
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18111_none_af1b39c5545db159.manifest ------- 4159 bytes [02:51 05/06/2009] [23:42 27/07/2008] D7A980791A9DB4F28DAFEF88019ED49B
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.22230_none_984faa616e032a6c.manifest ------- 4159 bytes [02:51 05/06/2009] [23:28 27/07/2008] 21B9498164BA48DA9CE0FBE94FE5D5F3
C:\Windows\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_aef5d5a354b01224.manifest ------- 4159 bytes [22:44 18/06/2009] [04:16 11/04/2009] D478555750C328C944BFC492D2C93F1E
C:\Windows\winsxs\Manifests\msil_system.directoryservices.resources_b03f5f7f11d50a3a_6.0.6000.16386_en-us_39857775d33f3750.manifest --a---- 589 bytes [15:11 02/11/2006] [15:11 02/11/2006] FFDF335D784414AE4E246994D8CA6E64
C:\Windows\winsxs\Manifests\msil_system.directoryservices.resources_b03f5f7f11d50a3a_6.0.6000.16720_en-us_397ffdd9d34406c4.manifest ------- 589 bytes [02:51 05/06/2009] [23:44 27/07/2008] F8316371541C9F36E285E3FB2815C8A7
C:\Windows\winsxs\Manifests\msil_system.directoryservices.resources_b03f5f7f11d50a3a_6.0.6000.20883_en-us_22b8147dece64bb7.manifest ------- 589 bytes [02:51 05/06/2009] [23:40 27/07/2008] B42B4198EED7D7B4CE58F59DEB218730
C:\Windows\winsxs\Manifests\msil_system.directoryservices.resources_b03f5f7f11d50a3a_6.0.6001.18111_en-us_395ae28fd3961365.manifest ------- 589 bytes [02:51 05/06/2009] [23:51 27/07/2008] 1EB357B8818A3BB92A48D5E841A00482
C:\Windows\winsxs\Manifests\msil_system.directoryservices.resources_b03f5f7f11d50a3a_6.0.6001.22230_en-us_228f532bed3b8c78.manifest ------- 589 bytes [02:51 05/06/2009] [00:07 28/07/2008] 87AA907E944A2F4C199E42DC3974276C
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16386_none_56c9c34f311afdf9.manifest --a---- 6009 bytes [12:31 02/11/2006] [10:09 02/11/2006] 4B144EFD5F1638EC2E7D90854D71DF62
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16720_none_56c449b3311fcd6d.manifest ------- 6009 bytes [02:51 05/06/2009] [23:18 27/07/2008] CA3EB6B1170B4859309E685881A57C16
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.20883_none_3ffc60574ac21260.manifest ------- 6009 bytes [02:51 05/06/2009] [23:20 27/07/2008] 4D6E8357AB6260FF13CE20D17619B7BC
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18000_none_569e450b3172a6c5.manifest --a---- 6009 bytes [02:38 21/01/2008] [02:38 21/01/2008] 193A823ED217FB3F888ED7686913F90B
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18111_none_569f2e693171da0e.manifest ------- 6009 bytes [02:51 05/06/2009] [23:43 27/07/2008] 5D0D21656E9D57BF3C425F538868E46F
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.22230_none_3fd39f054b175321.manifest ------- 6009 bytes [02:51 05/06/2009] [23:29 27/07/2008] 5DC8B8EF5A17D102906252CB7257C836
C:\Windows\winsxs\Manifests\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6002.18005_none_5679ca4731c43ad9.manifest ------- 6009 bytes [22:44 18/06/2009] [04:17 11/04/2009] 7428BC68F574AB7FA4B915FB5CD008C4
C:\Windows\winsxs\Manifests\msil_system.enterpriseservices.resources_b03f5f7f11d50a3a_6.0.6000.16386_en-us_6a1f0a6912468912.manifest --a---- 591 bytes [15:11 02/11/2006] [15:11 02/11/2006] 6C4A81517B45BAEB7564959645F83D5B
C:\Windows\winsxs\Manifests\msil_system.enterpriseservices.resources_b03f5f7f11d50a3a_6.0.6000.16720_en-us_6a1990cd124b5886.manifest ------- 591 bytes [02:51 05/06/2009] [23:44 27/07/2008] E417D39368DE0EB409AB6B2A3D7BEBBC
C:\Windows\winsxs\Manifests\msil_system.enterpriseservices.resources_b03f5f7f11d50a3a_6.0.6000.20883_en-us_5351a7712bed9d79.manifest ------- 591 bytes [02:51 05/06/2009] [23:40 27/07/2008] 6E90C36B31137AE2409543FEF4688B67
C:\Windows\winsxs\Manifests\msil_system.enterpriseservices.resources_b03f5f7f11d50a3a_6.0.6001.18111_en-us_69f47583129d6527.manifest ------- 591 bytes [02:51 05/06/2009] [23:51 27/07/2008] 6ECABAC7DC77497F1D2A77CED7F52752
C:\Windows\winsxs\Manifests\msil_system.enterpriseservices.resources_b03f5f7f11d50a3a_6.0.6001.22230_en-us_5328e61f2c42de3a.manifest ------- 591 bytes [02:51 05/06/2009] [00:07 28/07/2008] 304BC1ABA56E3CBE1C27F7EEC3B5F50C
C:\Windows\winsxs\Manifests\msil_system.web.services.resources_b03f5f7f11d50a3a_6.0.6000.16386_en-us_062d1aeac309b8ef.manifest --a---- 579 bytes [15:11 02/11/2006] [15:11 02/11/2006] B7450320DCE1ECDA770B95F6DB5CB9F9
C:\Windows\winsxs\Manifests\msil_system.web.services.resources_b03f5f7f11d50a3a_6.0.6000.16720_en-us_0627a14ec30e8863.manifest ------- 579 bytes [02:51 05/06/2009] [23:44 27/07/2008] 9C3E6A818018EAC034645A77A70E3CEF
C:\Windows\winsxs\Manifests\msil_system.web.services.resources_b03f5f7f11d50a3a_6.0.6000.20883_en-us_ef5fb7f2dcb0cd56.manifest ------- 579 bytes [02:51 05/06/2009] [23:40 27/07/2008] EA82C6D4A0F19487237795E4AD437520
C:\Windows\winsxs\Manifests\msil_system.web.services.resources_b03f5f7f11d50a3a_6.0.6001.18111_en-us_06028604c3609504.manifest ------- 579 bytes [02:51 05/06/2009] [23:51 27/07/2008] 0662AEC0CE4CD307C7652E959B5A7650
C:\Windows\winsxs\Manifests\msil_system.web.services.resources_b03f5f7f11d50a3a_6.0.6001.22230_en-us_ef36f6a0dd060e17.manifest ------- 579 bytes [02:51 05/06/2009] [00:07 28/07/2008] 2C25801F6EE0C9CB521AE7E5726D093B
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.16386_none_f2f11bcbb1c17624.manifest --a---- 4554 bytes [12:31 02/11/2006] [10:18 02/11/2006] 3983963C40EE2AF99A2D089CD2A303E7
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.16720_none_f2eba22fb1c64598.manifest ------- 4554 bytes [02:51 05/06/2009] [23:19 27/07/2008] 795B8A11A4ECAD512D50A1194742AD5D
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.20883_none_dc23b8d3cb688a8b.manifest ------- 4554 bytes [02:51 05/06/2009] [23:22 27/07/2008] 25800089BBE1C590B54659AC61B29DA5
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_f2c59d87b2191ef0.manifest --a---- 4554 bytes [02:41 21/01/2008] [02:41 21/01/2008] 499BE306CD249F0CDF725FDE49B6E52F
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18111_none_f2c686e5b2185239.manifest ------- 4554 bytes [02:51 05/06/2009] [23:45 27/07/2008] 6401096882246FC1FA98BD42E97FFCE8
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.22230_none_dbfaf781cbbdcb4c.manifest ------- 4554 bytes [02:51 05/06/2009] [23:31 27/07/2008] E86585EED6BAD0183BFFC95B7B3971B9
C:\Windows\winsxs\Manifests\msil_system.web.services_b03f5f7f11d50a3a_6.0.6002.18005_none_f2a122c3b26ab304.manifest ------- 4554 bytes [22:44 18/06/2009] [04:19 11/04/2009] 87C788816CD9EFA22B74CEBAD46BA345
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_162add3790c7b0c1.manifest --a---- 90319 bytes [12:31 02/11/2006] [09:59 02/11/2006] 436901B7995622709749811F24AB22B2
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_18619f338db2c195.manifest --a---- 92232 bytes [02:40 21/01/2008] [02:40 21/01/2008] 18C40803CCD4F0354C5358671B9085A2
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_1a4d183f8ad48ce1.manifest ------- 92228 bytes [22:44 18/06/2009] [03:42 11/04/2009] 8B53343214D4C48E54FEFE7F22A43E2F
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.0.6000.16386_none_80e9aeae08e5e57f.manifest --a---- 269681 bytes [15:00 02/11/2006] [15:00 02/11/2006] 3DAD741BE772DA8EECD4790EBE98E45A
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.0.6001.18000_none_832070aa05d0f653.manifest --a---- 269681 bytes [02:43 21/01/2008] [02:43 21/01/2008] 63B04869B9588645A43C849CCDC07B3F
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.0.6002.18005_none_850be9b602f2c19f.manifest ------- 269681 bytes [22:44 18/06/2009] [03:42 11/04/2009] 4397F0AA42B5EE6611CC5BF06452497D
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_759e7697381036d0.manifest --a---- 2498 bytes [15:11 02/11/2006] [15:11 02/11/2006] 056D646A722DF02C0A061C789777F261
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_96d0beeba3267e64.manifest --a---- 95349 bytes [14:59 02/11/2006] [14:59 02/11/2006] BC6E66B9CD016959BDC9BC65F8486A27
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_990780e7a0118f38.manifest --a---- 95256 bytes [02:36 21/01/2008] [02:36 21/01/2008] 4F5A5FB99F10A3A6ED768F55F0426521
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_9af2f9f39d335a84.manifest ------- 95256 bytes [22:44 18/06/2009] [04:37 11/04/2009] 96928E7F67113D74423A00930E8627B5
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_752c6bbe62fc4b59.manifest ------- 1413 bytes [20:32 22/10/2010] [09:25 04/08/2009] C782C01BAC16AAEE05C84C205312EA51
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_74f1a4551b6e9d26.manifest ------- 2286 bytes [20:32 22/10/2010] [09:25 04/08/2009] 75DE9FAF5ADA4611184AE6C0819BC59E
C:\Windows\winsxs\Manifests\wow64_web-services-for-ma..oyment-languagepack_31bf3856ad364e35_7.0.6001.18181_en-us_5598b2e9c634cd58.manifest ------- 2040 bytes [01:21 26/02/2011] [22:35 12/01/2011] 854C52120947DDDDFA975EAD59813613
C:\Windows\winsxs\Manifests\wow64_web-services-for-management-deployment_31bf3856ad364e35_7.0.6001.18181_none_5a075b0dc6344ed2.manifest ------- 1989 bytes [01:20 26/02/2011] [22:35 12/01/2011] D1F9A701CB5C56457FB0E186D9AF377D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.0.6000.16386_none_6c7e646582ec1e49.manifest --a---- 4005 bytes [12:32 02/11/2006] [10:16 02/11/2006] 41FCB39626D133692F16DD6B6FBB61B4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.0.6001.18000_none_6eb526617fd72f1d.manifest --a---- 4005 bytes [02:40 21/01/2008] [02:40 21/01/2008] EA0A68616DB0A147718F737571F9245C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6000.16386_none_cca68469f44b4003.manifest --a---- 7318 bytes [12:31 02/11/2006] [10:10 02/11/2006] 905A2A21CD6CF9367D7A5B09B9A7DDA1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7.manifest --a---- 7273 bytes [02:42 21/01/2008] [02:42 21/01/2008] 7EC1383B23F3BCDBFB8E3649E9668736
C:\Windows\winsxs\Manifests\x86_microsoft-windows-live-services_31bf3856ad364e35_6.0.6000.16386_none_d374c2238ee40be9.manifest --a---- 11405 bytes [14:59 02/11/2006] [14:59 02/11/2006] 4A438A6109AA950F64BC2197E13B5EF6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..ityanalysisservices_31bf3856ad364e35_6.0.6000.16386_none_a461bbc104a7eda2.manifest --a---- 2920 bytes [12:31 02/11/2006] [10:02 02/11/2006] 2B1D73AF9E725BF025E2AECE0950A60C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11.manifest --a---- 7928 bytes [12:31 02/11/2006] [10:15 02/11/2006] 437598DE995221790A69AA094B76E330
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5.manifest --a---- 7928 bytes [02:37 21/01/2008] [02:37 21/01/2008] CB84E167FAA9B8D8A0157B31D16D0A90
C:\Windows\winsxs\Manifests\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f.manifest --a---- 3746 bytes [12:31 02/11/2006] [10:18 02/11/2006] 50290D068C9273C755E993BDBCD6CC4E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3.manifest --a---- 3746 bytes [02:38 21/01/2008] [02:38 21/01/2008] A94DF4BDD6E54C8C4FD8551C166B5759
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services_31bf3856ad364e35_6.0.6000.16386_none_1498c6cf059ad6dc.manifest --a---- 1549 bytes [12:31 02/11/2006] [10:03 02/11/2006] 5ABEB9BBCB4D71E9ADBD6B1BF74014F8
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.0.6000.16386_none_0955733ece724a8d.manifest --a---- 44420 bytes [12:31 02/11/2006] [10:14 02/11/2006] 50E48C6AA4A5EC9994DC1E4F4C4229C7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.0.6001.18000_none_0b8c353acb5d5b61.manifest --a---- 46459 bytes [02:41 21/01/2008] [02:41 21/01/2008] F1B17678C0FA3A64840307A770340AC2
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.0.6000.16386_none_cba2057f1c57e33a.manifest --a---- 7378 bytes [12:31 02/11/2006] [10:11 02/11/2006] 599F5C45FF00BB21C16E563041021A22
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.0.6001.18000_none_cdd8c77b1942f40e.manifest --a---- 7303 bytes [02:37 21/01/2008] [02:37 21/01/2008] D5CC8A159C336A518E9DDA81BAFB1B38
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6000.16386_none_4ba58b99242c7f2a.manifest --a---- 24682 bytes [12:31 02/11/2006] [10:13 02/11/2006] BA4DB2B932BCD87CD0E8E777BEED4E71
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18000_none_4ddc4d9521178ffe.manifest --a---- 25321 bytes [02:38 21/01/2008] [02:38 21/01/2008] EA2A084DA8AFAC6320D5F3FDE3F366D3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18564_none_4d9f78b321448ec3.manifest ------- 26767 bytes [05:08 09/03/2011] [11:27 20/12/2010] 41B473B18A8E8408C4CC146EEA3C2395
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.22815_none_4e6029303a38b67d.manifest ------- 25321 bytes [05:08 09/03/2011] [15:11 17/12/2010] F33A61C792F4B7E6BDC8FE21DE09F391
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.18005_none_4fc7c6a11e395b4a.manifest ------- 25321 bytes [22:44 18/06/2009] [04:17 11/04/2009] F57E3949AF61C6F36F994C0AA33D1704
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.18356_none_4f92bd011e60f7cb.manifest ------- 26767 bytes [05:08 09/03/2011] [11:27 20/12/2010] BC7CBE03677A12405D2303B2DB308986
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.22550_none_501659f63783fcb2.manifest ------- 25321 bytes [05:08 09/03/2011] [17:28 17/12/2010] 5D190273F7C0372B0BCCA1A2521E4810
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6000.16386_none_daa92d68cf15d527.manifest --a---- 6159 bytes [12:31 02/11/2006] [10:08 02/11/2006] BE34EE7977DF50652748A0E5A4959CF0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_dcdfef64cc00e5fb.manifest --a---- 6159 bytes [02:41 21/01/2008] [02:41 21/01/2008] 5376F384A38FCFB494C45C9DFE630581
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6000.16386_none_2f62d4554b568aa5.manifest --a---- 4285 bytes [12:31 02/11/2006] [10:08 02/11/2006] 45B96742798F69226BB9F9A3906BB7C7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6001.18000_none_3199965148419b79.manifest --a---- 4285 bytes [02:38 21/01/2008] [02:38 21/01/2008] 47529966265D53B6F8E87BE2DB72793A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6002.18005_none_33850f5d456366c5.manifest ------- 4285 bytes [22:44 18/06/2009] [04:13 11/04/2009] 534E585209326C7CFDDB9048406F0A8D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.0.6000.16386_none_0f4727e99453b673.manifest --a---- 5628 bytes [12:31 02/11/2006] [10:11 02/11/2006] 431244D1142BBBF1052825CF3F6B2E93
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.0.6001.18000_none_117de9e5913ec747.manifest --a---- 5628 bytes [02:40 21/01/2008] [02:40 21/01/2008] 2BA2E9216D4DDA6B19A33C8B10C409C6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.16386_none_c4fa2961c96a2b47.manifest --a---- 5498 bytes [12:31 02/11/2006] [10:09 02/11/2006] 18EADA1C6FAE6EEE9AAFCCF0D5310C05
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_c730eb5dc6553c1b.manifest --a---- 5498 bytes [02:41 21/01/2008] [02:41 21/01/2008] B1BDAB6E2935160FF4D5E9126ED4D229
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.0.6000.16386_none_02bfcfb7b08e7562.manifest --a---- 11902 bytes [12:31 02/11/2006] [10:18 02/11/2006] 42FBC4659485EB7A0395BDD4E9B80145
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.0.6001.18000_none_04f691b3ad798636.manifest --a---- 11902 bytes [02:41 21/01/2008] [02:41 21/01/2008] 4DFADEBBE7499A247D155B9FD19ACF40
C:\Windows\winsxs\Manifests\x86_microsoft-windows-terminalservices-core_31bf3856ad364e35_6.0.6000.16386_none_e84b74b087fd42c6.manifest --a---- 2077 bytes [12:31 02/11/2006] [10:03 02/11/2006] 299247B4798AF012CFB8CC9F51425DE3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-terminalservices-rdp_31bf3856ad364e35_6.0.6000.16386_none_59dbe771ba243bd7.manifest --a---- 2818 bytes [12:31 02/11/2006] [10:03 02/11/2006] BC28718AC0AB76544C7F4268A11526D4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6000.16386_none_d3af4de07de445f0.manifest --a---- 22813 bytes [12:31 02/11/2006] [10:05 02/11/2006] FBA8EA91E626F06B8A7466E2FF353A9F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6001.18000_none_d5e60fdc7acf56c4.manifest --a---- 16558 bytes [02:40 21/01/2008] [02:40 21/01/2008] 56D76CC86433C9F0E1513A3E5DB5D756
C:\Windows\winsxs\Manifests\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6002.18005_none_d7d188e877f12210.manifest ------- 16550 bytes [22:44 18/06/2009] [04:12 11/04/2009] 17F8924F661AF706BF3FC131519BF623
C:\Windows\winsxs\Manifests\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d720d262bd3afd78.manifest --a---- 3840 bytes [15:11 02/11/2006] [15:11 02/11/2006] CBD55AEAFA52B5EEBCE4F8222AF7D7EB
C:\Windows\winsxs\Manifests\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16386_none_1bf56a0f61b9c262.manifest --a---- 2355 bytes [12:31 02/11/2006] [10:11 02/11/2006] 31F585CC81423F564B756975EBF49774
C:\Windows\winsxs\Manifests\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16720_none_1beff07361be91d6.manifest ------- 2355 bytes [02:51 05/06/2009] [23:18 27/07/2008] 7F7A09368BC06212B6C8757D3DFA74E2
C:\Windows\winsxs\Manifests\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.20883_none_052807177b60d6c9.manifest ------- 2355 bytes [02:51 05/06/2009] [23:20 27/07/2008] A366C80A8F903B71DFF1EDB2BADF7CC3
C:\Windows\winsxs\Manifests\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.18111_none_1bcad52962109e77.manifest ------- 2355 bytes [02:51 05/06/2009] [23:43 27/07/2008] 998633C067E7E4A8C69E4CD246CBCEF6
C:\Windows\winsxs\Manifests\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.22230_none_04ff45c57bb6178a.manifest ------- 2355 bytes [02:51 05/06/2009] [23:29 27/07/2008] 2CDE1885EF290BB55F6110A0E9924402
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6000.16386_none_b3ce5f003f86a211.manifest --a---- 147688 bytes [12:31 02/11/2006] [10:03 02/11/2006] 5484EFD8941DC51918B53F144E6E2BED
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6000.16720_none_b40944643f5b56fd.manifest ------- 147688 bytes [02:51 05/06/2009] [23:13 27/07/2008] B9EB06EA298FB16AA120B61E0F38A3B2
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6000.20883_none_b455028558a6ea72.manifest ------- 147688 bytes [02:51 05/06/2009] [23:15 27/07/2008] 9AA99C7AAF485F322D3C5CD274D7DC60
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6001.18111_none_b5fb53403c78e554.manifest ------- 147688 bytes [02:51 05/06/2009] [23:32 27/07/2008] 9FD5A54A0CA1482B4C2D4C7FA9EF2ABE
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices.tlb_31bf3856ad364e35_6.0.6001.22230_none_b66e4fe955a7a3a9.manifest ------- 147688 bytes [02:51 05/06/2009] [23:21 27/07/2008] C4C369044992C33ADE6A0B74D99E9B0D
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_d5d21d67adbfe774.manifest --a---- 47734 bytes [12:31 02/11/2006] [10:14 02/11/2006] D78A587E82AE350A9C0232550B3F0D69
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16720_none_d5cca3cbadc4b6e8.manifest ------- 47734 bytes [02:51 05/06/2009] [23:18 27/07/2008] 585E7F34BDE290C759093A6BEC21D6FE
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.20883_none_bf04ba6fc766fbdb.manifest ------- 47734 bytes [02:51 05/06/2009] [23:20 27/07/2008] A16BA808A77DA1EBC1241838DDBD6E07
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18000_none_d5a69f23ae179040.manifest --a---- 47734 bytes [02:41 21/01/2008] [02:41 21/01/2008] C21AE4136522D9FFD58CE66554BC7989
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18111_none_d5a78881ae16c389.manifest ------- 47734 bytes [02:51 05/06/2009] [23:43 27/07/2008] FC4D13384B0BFA085D6F7DA73AAE9107
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.22230_none_bedbf91dc7bc3c9c.manifest ------- 47734 bytes [02:51 05/06/2009] [23:29 27/07/2008] 160A686CAAF17BA14115D45688179B20
C:\Windows\winsxs\Manifests\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6002.18005_none_d582245fae692454.manifest ------- 47734 bytes [22:44 18/06/2009] [04:17 11/04/2009] 2861C1FBDA22F657D68F78C200B66CFF
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_af45ceab5406d544\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [12:26 02/11/2006] [01:14 20/10/2006] 6BDB34DABC3E43A399782FEEF2531616
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16720_none_af40550f540ba4b8\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [18:00 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.20883_none_98786bb36dade9ab\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [17:55 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_af1a5067545e7e10\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:49 21/01/2008] [02:49 21/01/2008] 710FC83A1C3E2C64F18C342E22C57BA9
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18111_none_af1b39c5545db159\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [18:03 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.22230_none_984faa616e032a6c\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [02:51 05/06/2009] [17:58 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_aef5d5a354b01224\System.DirectoryServices.Protocols.dll --a---- 188416 bytes [23:03 18/06/2009] [04:42 30/03/2009] 891AA60D72C0D51286FD7792D53C2A12
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16386_none_56c9c34f311afdf9\System.DirectoryServices.dll --a---- 397312 bytes [12:26 02/11/2006] [01:14 20/10/2006] 7E1FC67900EA31FA56A6B7542FA27E17
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16720_none_56c449b3311fcd6d\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [18:00 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.20883_none_3ffc60574ac21260\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [17:55 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18000_none_569e450b3172a6c5\System.DirectoryServices.dll --a---- 401408 bytes [02:48 21/01/2008] [02:48 21/01/2008] BB8F8C6047F473CAD5430266FB69A7DA
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18111_none_569f2e693171da0e\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [18:03 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.22230_none_3fd39f054b175321\System.DirectoryServices.dll --a---- 401408 bytes [02:51 05/06/2009] [17:58 27/07/2008] F485CF34C45F850B25A7E38B08A7C435
C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6002.18005_none_5679ca4731c43ad9\System.DirectoryServices.dll --a---- 401408 bytes [23:03 18/06/2009] [04:42 30/03/2009] 85290FF9B6B3A161E95AFCCC22480347
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.16386_none_f2f11bcbb1c17624\System.Web.Services.dll --a---- 823296 bytes [12:26 02/11/2006] [01:14 20/10/2006] D01562C5557F59B26ACA8CEA328B8BC7
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.16720_none_f2eba22fb1c64598\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [18:00 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.20883_none_dc23b8d3cb688a8b\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [17:55 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_f2c59d87b2191ef0\System.Web.Services.dll --a---- 839680 bytes [02:50 21/01/2008] [02:50 21/01/2008] 553A64D2555FD7AD7688415ABA48F666
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18111_none_f2c686e5b2185239\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [18:03 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.22230_none_dbfaf781cbbdcb4c\System.Web.Services.dll --a---- 839680 bytes [02:51 05/06/2009] [17:58 27/07/2008] A89DFA6DB0C3D00559F770A214962A60
C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6002.18005_none_f2a122c3b26ab304\System.Web.Services.dll --a---- 839680 bytes [23:03 18/06/2009] [04:42 30/03/2009] D59A5B6EBFCE6DBF9EE5D8A72EB8219B
C:\Windows\winsxs\Temp\PendingRenames\6a1cb0e8d74dcd01e11700001413580f.$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms --a---- 1464 bytes [04:56 19/06/2012] [04:56 19/06/2012] D7628FE771926CAA438698D1AA08CF15
C:\Windows\winsxs\Temp\PendingRenames\ca2cfee8d74dcd01ec1700001413580f.$$_system32_migwiz_dlmanifests_microsoft-windows-directoryservices-adam-dl_6c3018cc6f347ede.cdf-ms --a---- 936 bytes [04:56 19/06/2012] [04:56 19/06/2012] 6CFFEFE828D888B173CB2C9CE86ACEDC
C:\Windows\winsxs\wow64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_752c6bbe62fc4b59\webservices.dll.mui --a---- 204800 bytes [20:32 22/10/2010] [09:25 04/08/2009] 96DE24090E0C41639B50C3F14386CC12
C:\Windows\winsxs\wow64_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_74f1a4551b6e9d26\webservices.dll --a---- 754688 bytes [20:32 22/10/2010] [08:02 04/08/2009] E4783742790B2084EFCBF6AE8968A73D
C:\Windows\winsxs\x86_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.18107_none_a27672456d27e8b6\xpsservices.dll --a---- 1554432 bytes [07:16 31/10/2009] [01:49 25/09/2009] 06C426B2FBEC302BD5763D7D654B4022
C:\Windows\winsxs\x86_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.18392_none_a21025536d755fca\xpsservices.dll --a---- 1554432 bytes [01:43 10/02/2011] [14:28 20/01/2011] E607F9C6A2386647B572580CB147C7B3
C:\Windows\winsxs\x86_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.22573_none_a2b064268681de30\xpsservices.dll --a---- 1554432 bytes [01:43 10/02/2011] [14:36 20/01/2011] 1ECC7DF9B6F5C64F8920225239D23DB4
C:\Windows\winsxs\x86_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.18107_none_9694f99f3a97a698\OpcServices.dll --a---- 847360 bytes [07:16 31/10/2009] [01:38 25/09/2009] 4AEDEEC05211864EC41FCB099C1065FA
C:\Windows\winsxs\x86_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.18392_none_962eacad3ae51dac\OpcServices.dll --a---- 847360 bytes [01:43 10/02/2011] [14:25 20/01/2011] A15ED03919107C2A6A3395EE02C7DD47
C:\Windows\winsxs\x86_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.22573_none_96ceeb8053f19c12\OpcServices.dll --a---- 847360 bytes [01:43 10/02/2011] [14:32 20/01/2011] AE0CC57431E970E51B7AC1AF68E56B1A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\DirectoryServices-ADAM-DL.man --a---- 2309 bytes [15:02 02/11/2006] [15:02 02/11/2006] D7937CD02F11126F42BCA7559738E27B
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\DirectoryServices-Domain-DL.man --a---- 2044 bytes [15:02 02/11/2006] [15:02 02/11/2006] EC9AB7D446510EBB8296A4FB2B167E6A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\DirectoryServices-ISM-Smtp-DL.man --a---- 1851 bytes [02:47 21/01/2008] [02:47 21/01/2008] 4DA47743EAA0E1C5A2975F15080162BA
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Microsoft-Windows-CertificateServices-CA-DL.man --a---- 1613 bytes [15:02 02/11/2006] [15:02 02/11/2006] 32A009024C4AAB1A38D503A6985B5F7D
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Microsoft-Windows-CertificateServices-CAManagement-DL.man --a---- 1235 bytes [02:47 21/01/2008] [02:47 21/01/2008] C5C02C4A84ACC3BFD845EE4EBBD6AB8A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Microsoft-Windows-CertificateServices-MSCEP-DL.man --a---- 1485 bytes [02:47 21/01/2008] [02:47 21/01/2008] D31D59095D5E189140A78D39753AECDD
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TerminalServices-Drivers-DL.man --a---- 1134 bytes [15:02 02/11/2006] [15:02 02/11/2006] 58BE377062DF00A2D6E2C678AEC872DC
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\terminalservices-licenseserver-DL.man --a---- 1800 bytes [02:47 21/01/2008] [02:47 21/01/2008] B65BBC279F1F1BF8990685CB9E35D0AF
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TerminalServices-LocalSessionManager-DL.man --a---- 1353 bytes [15:02 02/11/2006] [15:02 02/11/2006] 6912AECCC58707895F5D37016691FAC8
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TerminalServices-RDP-WinStationExtensions-DL.man --a---- 22336 bytes [02:47 21/01/2008] [02:47 21/01/2008] 41D5557C2D119C93CFEE9BEE27A97E1A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TerminalServices-RemoteConnectionManager-DL.man --a---- 1329 bytes [02:47 21/01/2008] [02:47 21/01/2008] 87BDFDD25EDC302A438D3BEC35EFF509
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TerminalServices-SessionDirectory-Client-DL.man --a---- 2215 bytes [02:47 21/01/2008] [02:47 21/01/2008] B413D47A7BD85710D2C521ED604EA881
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TerminalServices-TerminalServicesClient-DL.man --a---- 1784 bytes [15:02 02/11/2006] [15:02 02/11/2006] A81BB134CF54A52C20F67AEBFD351D5B
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\TextServicesFramework-Migration-DL.man --a---- 2154 bytes [15:02 02/11/2006] [15:02 02/11/2006] A39976AE141A764DA2C061E1B9D6B7AB
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\UDDIServices-SDP-DL.man --a---- 1518 bytes [15:02 02/11/2006] [15:02 02/11/2006] 5030420A481EFE7DBB731E331F85DC59
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\UDDIServicesDatabase-SDP-DL.man --a---- 1306 bytes [15:02 02/11/2006] [15:02 02/11/2006] 53C8921A817AB7935BC839AC366083B8
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\UDDIServicesWeb-SDP-DL.man --a---- 1315 bytes [15:02 02/11/2006] [15:02 02/11/2006] 96B3676F32D512035B283B5371E49CEC
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Web-Services-for-Management-Core-DL.man --a---- 1914 bytes [02:47 21/01/2008] [02:47 21/01/2008] 2A110F0D2AE009C4F5CC41CB754B3A93
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\DirectoryServices-ADAM-DL.man --a---- 2309 bytes [15:02 02/11/2006] [15:02 02/11/2006] D7937CD02F11126F42BCA7559738E27B
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\DirectoryServices-Domain-DL.man --a---- 2044 bytes [15:02 02/11/2006] [15:02 02/11/2006] EC9AB7D446510EBB8296A4FB2B167E6A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\DirectoryServices-ISM-Smtp-DL.man --a---- 1851 bytes [02:47 21/01/2008] [02:47 21/01/2008] 4DA47743EAA0E1C5A2975F15080162BA
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Microsoft-Windows-CertificateServices-CA-DL.man --a---- 1613 bytes [15:02 02/11/2006] [15:02 02/11/2006] 32A009024C4AAB1A38D503A6985B5F7D
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Microsoft-Windows-CertificateServices-CAManagement-DL.man --a---- 1235 bytes [02:47 21/01/2008] [02:47 21/01/2008] C5C02C4A84ACC3BFD845EE4EBBD6AB8A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Microsoft-Windows-CertificateServices-MSCEP-DL.man --a---- 1485 bytes [02:47 21/01/2008] [02:47 21/01/2008] D31D59095D5E189140A78D39753AECDD
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TerminalServices-Drivers-DL.man --a---- 1134 bytes [15:02 02/11/2006] [15:02 02/11/2006] 58BE377062DF00A2D6E2C678AEC872DC
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\terminalservices-licenseserver-DL.man --a---- 1800 bytes [02:47 21/01/2008] [02:47 21/01/2008] B65BBC279F1F1BF8990685CB9E35D0AF
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TerminalServices-LocalSessionManager-DL.man --a---- 1353 bytes [15:02 02/11/2006] [15:02 02/11/2006] 6912AECCC58707895F5D37016691FAC8
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TerminalServices-RDP-WinStationExtensions-DL.man --a---- 22336 bytes [02:47 21/01/2008] [02:47 21/01/2008] 41D5557C2D119C93CFEE9BEE27A97E1A
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TerminalServices-RemoteConnectionManager-DL.man --a---- 1329 bytes [02:47 21/01/2008] [02:47 21/01/2008] 87BDFDD25EDC302A438D3BEC35EFF509
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TerminalServices-SessionDirectory-Client-DL.man --a---- 2215 bytes [02:47 21/01/2008] [02:47 21/01/2008] B413D47A7BD85710D2C521ED604EA881
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TerminalServices-TerminalServicesClient-DL.man --a---- 1784 bytes [15:02 02/11/2006] [15:02 02/11/2006] A81BB134CF54A52C20F67AEBFD351D5B
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TextServicesFramework-Migration-DL.man --a---- 2154 bytes [15:02 02/11/2006] [15:02 02/11/2006] A39976AE141A764DA2C061E1B9D6B7AB
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\UDDIServices-SDP-DL.man --a---- 1518 bytes [15:02 02/11/2006] [15:02 02/11/2006] 5030420A481EFE7DBB731E331F85DC59
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\UDDIServicesDatabase-SDP-DL.man --a---- 1306 bytes [15:02 02/11/2006] [15:02 02/11/2006] 53C8921A817AB7935BC839AC366083B8
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\UDDIServicesWeb-SDP-DL.man --a---- 1315 bytes [15:02 02/11/2006] [15:02 02/11/2006] 96B3676F32D512035B283B5371E49CEC
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Web-Services-for-Management-Core-DL.man --a---- 1914 bytes [02:47 21/01/2008] [02:47 21/01/2008] 2A110F0D2AE009C4F5CC41CB754B3A93
C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc --a---- 92745 bytes [15:14 02/11/2006] [15:14 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof --a---- 2866 bytes [12:21 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [23:03 18/06/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof --a---- 2866 bytes [12:21 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc --a---- 92745 bytes [12:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\x86_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.0.6000.16386_none_1c7f70bfd9f21587\TableTextServiceSimplifiedShuangPin.txt --a---- 1445244 bytes [12:23 02/11/2006] [01:07 27/09/2006] 5376E1CA5D7CB4ADD4CD69C3557A3F76
C:\Windows\winsxs\x86_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.0.6002.18005_none_20a1abc7d3fef1a7\TableTextServiceSimplifiedShuangPin.txt --a---- 1445430 bytes [23:03 18/06/2009] [18:39 18/02/2009] 51B31EB324CB5C6936D7A14D49B0BD67
C:\Windows\winsxs\x86_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.0.6000.16386_none_f58de160c359c866\TableTextServiceSimplifiedQuanPin.txt --a---- 1665692 bytes [12:23 02/11/2006] [01:07 27/09/2006] 44159F717B2A95551F0C6959C18B11DD
C:\Windows\winsxs\x86_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.0.6002.18005_none_f9b01c68bd66a486\TableTextServiceSimplifiedQuanPin.txt --a---- 1665878 bytes [23:03 18/06/2009] [18:39 18/02/2009] 532ED87BB64CF19C58AE0F91FA439983
C:\Windows\winsxs\x86_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.0.6000.16386_none_611fba102c7b5aa2\TableTextServiceSimplifiedZhengMa.txt --a---- 1810166 bytes [12:23 02/11/2006] [01:07 27/09/2006] AF4BE34135F5DCA765C7596C1933400E
C:\Windows\winsxs\x86_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.0.6002.18005_none_6541f518268836c2\TableTextServiceSimplifiedZhengMa.txt --a---- 1810352 bytes [23:03 18/06/2009] [18:40 18/02/2009] 6D2BE04D9605C2D479E3CD205C406D7C
C:\Windows\winsxs\x86_microsoft-windows-t..onmanager-uieffects_31bf3856ad364e35_6.0.6001.18000_none_f766c46bf6ebc9cd\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms --a---- 3084 bytes [02:51 21/01/2008] [02:51 21/01/2008] 72830612581636025945E1C460B1386B
C:\Windows\winsxs\x86_microsoft-windows-t..tionmanager-license_31bf3856ad364e35_6.0.6001.18000_none_f8ff9c9ccf228994\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms --a---- 4021 bytes [02:51 21/01/2008] [02:51 21/01/2008] D40C66C818895F073A3E617F3A466C00
C:\Windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_528b86b0b782b897\System.EnterpriseServices.Thunk.dll --a---- 47616 bytes [12:24 02/11/2006] [06:34 02/11/2006] 569077EF776E89D69C2B85245C9DEDC5
C:\Windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.16720_none_52860d14b787880b\System.EnterpriseServices.Thunk.dll --a---- 57392 bytes [02:51 05/06/2009] [18:00 27/07/2008] 326C587B60592D84F32B10F73DCE58B4
C:\Windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.20883_none_3bbe23b8d129ccfe\System.EnterpriseServices.Thunk.dll --a---- 57392 bytes [02:51 05/06/2009] [17:55 27/07/2008] 326C587B60592D84F32B10F73DCE58B4
C:\Windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_5260086cb7da6163\System.EnterpriseServices.Thunk.dll --a---- 57392 bytes [02:50 21/01/2008] [02:50 21/01/2008] 4208F41998BEECEE2ED6A6389F0AF974
C:\Windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_5260f1cab7d994ac\System.EnterpriseServices.Thunk.dll --a---- 57392 bytes [02:51 05/06/2009] [18:03 27/07/2008] 326C587B60592D84F32B10F73DCE58B4
C:\Windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6001.22230_none_3b956266d17f0dbf\System.EnterpriseServices.Thunk.dll --a---- 57392 bytes [02:51 05/06/2009] [17:58 27/07/2008] 326C587B60592D84F32B10F73DCE58B4
C:\Windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.0.6001.18000_none_6129598b25d1a492\sbs_system.enterpriseservices.dll --a---- 14376 bytes [02:48 21/01/2008] [02:48 21/01/2008] 5142D33972DE83C71A69AD46BAFFB603
C:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16386_none_1bf56a0f61b9c262\System.EnterpriseServices.tlb --a---- 40960 bytes [12:24 02/11/2006] [01:14 20/10/2006] 36CDFBB1EBF2CFDC16FACB9A6542098F
C:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.16720_none_1beff07361be91d6\System.EnterpriseServices.tlb --a---- 40960 bytes [02:51 05/06/2009] [18:00 27/07/2008] C178E0ABE4E8FDFF0F9B9D30A192C9C8
C:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6000.20883_none_052807177b60d6c9\System.EnterpriseServices.tlb --a---- 40960 bytes [02:51 05/06/2009] [17:55 27/07/2008] C178E0ABE4E8FDFF0F9B9D30A192C9C8
C:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.18111_none_1bcad52962109e77\System.EnterpriseServices.tlb --a---- 40960 bytes [02:51 05/06/2009] [18:03 27/07/2008] C178E0ABE4E8FDFF0F9B9D30A192C9C8
C:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.0.6001.22230_none_04ff45c57bb6178a\System.EnterpriseServices.tlb --a---- 40960 bytes [02:51 05/06/2009] [17:58 27/07/2008] C178E0ABE4E8FDFF0F9B9D30A192C9C8
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_d5d21d67adbfe774\System.EnterpriseServices.dll --a---- 258048 bytes [12:26 02/11/2006] [01:14 20/10/2006] 199AC6DECE667AE0709B13740B21383F
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_d5d21d67adbfe774\System.EnterpriseServices.Wrapper.dll --a---- 114176 bytes [12:26 02/11/2006] [06:34 02/11/2006] 39CCB95EBB5F67A92932D024F8AC3079
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16720_none_d5cca3cbadc4b6e8\System.EnterpriseServices.dll --a---- 258048 bytes [02:51 05/06/2009] [18:00 27/07/2008] 9631B15DB7C43C267636FF43C3075E07
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16720_none_d5cca3cbadc4b6e8\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [02:51 05/06/2009] [18:19 27/07/2008] E786C33D35D39C5CCB523AECC18D7BD7
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.20883_none_bf04ba6fc766fbdb\System.EnterpriseServices.dll --a---- 258048 bytes [02:51 05/06/2009] [17:55 27/07/2008] 9631B15DB7C43C267636FF43C3075E07
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.20883_none_bf04ba6fc766fbdb\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [02:51 05/06/2009] [18:15 27/07/2008] E786C33D35D39C5CCB523AECC18D7BD7
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18000_none_d5a69f23ae179040\System.EnterpriseServices.dll --a---- 258048 bytes [02:50 21/01/2008] [02:50 21/01/2008] AF5CDB23E851B084A16F672E49CE1148
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18000_none_d5a69f23ae179040\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [02:50 21/01/2008] [02:50 21/01/2008] CF175F5AF10AC43872215E1F31C91B25
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18111_none_d5a78881ae16c389\System.EnterpriseServices.dll --a---- 258048 bytes [02:51 05/06/2009] [18:03 27/07/2008] 9631B15DB7C43C267636FF43C3075E07
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.18111_none_d5a78881ae16c389\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [02:51 05/06/2009] [18:22 27/07/2008] E786C33D35D39C5CCB523AECC18D7BD7
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.22230_none_bedbf91dc7bc3c9c\System.EnterpriseServices.dll --a---- 258048 bytes [02:51 05/06/2009] [17:58 27/07/2008] 9631B15DB7C43C267636FF43C3075E07
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6001.22230_none_bedbf91dc7bc3c9c\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [02:51 05/06/2009] [18:19 27/07/2008] E786C33D35D39C5CCB523AECC18D7BD7
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6002.18005_none_d582245fae692454\System.EnterpriseServices.dll --a---- 258048 bytes [23:03 18/06/2009] [04:42 30/03/2009] 70891F0ED183AC39BE4C5E43666A35C7
C:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6002.18005_none_d582245fae692454\System.EnterpriseServices.Wrapper.dll --a---- 113664 bytes [23:03 18/06/2009] [02:04 11/04/2009] 296AACAE51A6995D2016C2C3E4774D81

-= EOF =-

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 June 2012 - 10:25 PM

hi,

Please run the following:



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | C:\Windows\System32\services.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 22 June 2012 - 11:20 PM

I never got a message box after combofix completed, just the log.

ComboFix 12-06-21.03 - Lauri 06/23/2012 0:02.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2588 [GMT -4:00]
Running from: c:\users\Lauri\Desktop\ComboFix.exe
Command switches used :: c:\users\Lauri\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lauri\AppData\Local\Temp\ppcrlui_4680_2
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 04:14 . 2012-06-23 04:14 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-06-23 04:14 . 2012-06-23 04:14 -------- d-----w- c:\users\Lauri\AppData\Local\temp
2012-06-23 04:14 . 2012-06-23 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 03:23 . 2012-06-23 03:36 -------- d-----w- c:\programdata\CPA_VA
2012-06-23 03:01 . 2012-06-23 03:03 -------- d-----w- C:\FRST
2012-06-23 02:47 . 2012-06-23 03:22 -------- d-----w- c:\programdata\Comodo
2012-06-23 02:47 . 2012-06-23 02:48 -------- d-----w- c:\program files\COMODO
2012-06-23 02:47 . 2012-06-23 02:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-23 02:47 . 2012-06-23 02:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-06-22 03:54 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-22 03:54 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-22 03:54 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-22 03:54 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-22 03:54 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-22 03:54 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-22 03:54 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 03:53 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-22 03:52 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-22 03:52 . 2012-06-22 03:52 -------- d-----w- c:\programdata\AVAST Software
2012-06-22 03:52 . 2012-06-22 03:52 -------- d-----w- c:\program files\AVAST Software
2012-06-22 03:48 . 2012-06-22 03:48 -------- d-----w- c:\users\Lauri\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 03:48 . 2012-06-22 03:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 03:48 . 2012-06-22 03:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-21 23:06 . 2012-06-21 23:06 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 22:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 22:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 22:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 22:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:38 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 22:38 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-21 22:38 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:38 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 05:37 . 2012-06-19 05:37 -------- d-----w- c:\users\Lauri\AppData\Local\ElevatedDiagnostics
2012-06-19 03:51 . 2012-06-19 03:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-18 20:37 . 2012-06-18 20:37 -------- d-----w- c:\users\Lauri\AppData\Local\Macromedia
2012-06-17 23:52 . 2012-06-17 23:52 -------- d-----w- c:\users\Lauri\AppData\Local\Stardock_Corporation
2012-06-17 22:08 . 2012-06-17 22:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-17 21:57 . 2012-06-17 21:57 -------- d-----w- c:\users\Lauri\AppData\Roaming\HipSoft
2012-06-17 21:56 . 2012-06-17 21:56 -------- d-----w- c:\program files (x86)\Tiger Games
2012-06-14 19:16 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:16 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 19:16 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 19:16 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 19:16 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 19:16 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 19:16 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 19:15 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:14 . 2012-06-13 04:14 -------- d-----w- c:\users\Lauri\AppData\Roaming\Atari
2012-06-13 04:05 . 2012-06-13 04:13 -------- d-----w- c:\program files (x86)\RCT3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 23:25 . 2012-04-12 04:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 23:25 . 2012-03-27 00:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 19:56 . 2012-05-07 19:56 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 03:58 . 2010-04-19 18:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2010-10-26 23:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-10 07:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-10 07:44 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:22 . 2012-05-10 07:44 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_02.09.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-06-23 03:36 70540 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-23 03:52 91914 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-05 03:17 . 2012-06-23 03:52 18828 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-349142545-3791892292-1772479833-1000_UserData.bin
+ 2012-03-12 01:13 . 2012-03-12 01:13 93200 c:\windows\system32\DriverStore\FileRepository\inspect.inf_212ed5d3\inspect.sys
+ 2012-03-12 01:13 . 2012-03-12 01:13 93200 c:\windows\system32\drivers\inspect.sys
+ 2012-03-12 01:13 . 2012-03-12 01:13 42224 c:\windows\system32\drivers\cmdhlp.sys
+ 2012-03-12 01:13 . 2012-03-12 01:13 22696 c:\windows\system32\drivers\cmderd.sys
- 2009-06-05 02:17 . 2012-05-07 19:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-05 02:17 . 2012-06-23 03:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-05 02:17 . 2012-06-23 03:49 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-05 02:17 . 2012-06-23 03:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-05 02:17 . 2012-05-07 19:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-23 03:23 . 2012-06-23 03:23 49120 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-03-12 01:13 . 2012-03-12 01:13 41200 c:\windows\system32\cmdcsr.dll
- 2006-11-02 12:40 . 2012-03-10 00:28 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2012-06-23 02:49 51200 c:\windows\inf\infpub.dat
- 2012-06-23 02:06 . 2012-06-23 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-23 03:34 . 2012-06-23 03:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 02:06 . 2012-06-23 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 03:34 . 2012-06-23 03:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-12 01:13 . 2012-03-12 01:13 301224 c:\windows\SysWOW64\guard32.dll
+ 2008-01-21 03:20 . 2012-06-23 03:50 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-06-23 02:07 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-12 01:13 . 2012-03-12 01:13 389840 c:\windows\system32\guard64.dll
+ 2012-03-12 01:13 . 2012-03-12 01:13 577824 c:\windows\system32\drivers\cmdGuard.sys
+ 2009-06-05 01:54 . 2012-06-23 03:22 104408 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2011-02-12 22:52 . 2012-06-23 03:33 376888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-12 22:52 . 2012-06-23 02:05 376888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2006-11-02 12:40 . 2012-03-10 00:28 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2012-06-23 02:49 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2012-06-23 02:49 143360 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2012-03-10 00:28 143360 c:\windows\inf\infstor.dat
+ 2008-01-21 03:20 . 2012-06-23 03:50 2211840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-23 02:07 2211840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-23 02:07 4423680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-23 03:50 4423680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-02 02:28 . 2012-06-23 03:33 8334238 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-349142545-3791892292-1772479833-1000-12288.dat
- 2011-04-02 02:28 . 2012-06-23 02:05 8334238 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-349142545-3791892292-1772479833-1000-12288.dat
- 2012-06-17 23:20 . 2012-06-19 03:41 4522852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-17 23:20 . 2012-06-23 03:33 4522852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-23 02:48 . 2012-06-23 02:48 9082880 c:\windows\Installer\19eb7c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-12-09 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
c:\users\Lauri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-8-5 576000]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000Core.job
- c:\users\Lauri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 21:51]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349142545-3791892292-1772479833-1000UA.job
- c:\users\Lauri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 21:51]
.
2012-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bfm.bingstart.com/?cfg=2-229-0-1E2iL
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: onecommunications.com\cygate
Trusted Zone: onecommunications.com\cygate2
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{B83A51BB-C1E8-4785-B5A7-EF5174762ABA}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D6A411CB-D42C-4409-AE71-F35A40862A17}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} - c:\users\Lauri\AppData\Local\Temp\f5tmp\urvncx.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Lauri\AppData\Roaming\Mozilla\Firefox\Profiles\tw9drsbr.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{C53FE659-316A-4F56-A194-A5BE491BE866} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-349142545-3791892292-1772479833-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{73BCAF07-ACDA-1E45-7D74-B1EF82C49456}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-06-23 00:17:29
ComboFix-quarantined-files.txt 2012-06-23 04:17
ComboFix2.txt 2012-06-23 02:18
.
Pre-Run: 65,509,355,520 bytes free
Post-Run: 65,276,203,008 bytes free
.
- - End Of File - - 011BC8482AA0CB27178D17C08E1B75E2

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 23 June 2012 - 08:34 AM

that looks better,

please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 23 June 2012 - 09:29 AM

no threats found my malware, here is log. Running ESET now

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Lauri :: LAURI-PC [administrator]

Protection: Enabled

6/23/2012 10:24:51 AM
mbam-log-2012-06-23 (10-24-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239094
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 23 June 2012 - 02:36 PM

ESET found 14 threats but there was no button to list them that I saw and I closed the window. Is there a log stored you think?

#14 unicornlas

unicornlas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 23 June 2012 - 02:39 PM

Found the log. It also shows when I ran it a few days ago.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9e1085345a19324eb8c12c8783f86ebe
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-22 02:47:33
# local_time=2012-06-21 10:47:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 66 56 51234922 176919043 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=514161
# found=29
# cleaned=28
# scan_time=12916
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\MafiaBots.com\MafiaBot\MafiaBotPro1.67.zip Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Visual CertExam Suite\visual.certexam.suite.v1.9.954-NoPE.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\!!!New Stuff\amazinguniversess.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\!!!New Stuff\snowglobe.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\!!!New Stuff\sunset.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\!!!New Stuff\xmastree.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\WQzzo6oM.exe.part a variant of Win32/Adware.MediaFinder.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\256085906.Uninstall\Uninstall.exe Win32/InstallCore.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\is1438683437\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\mia2863.tmp\data\OFFLINE\D85A543A\8B1B19B\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\mia2863.tmp\data\OFFLINE\D85A543A\8B1B19B\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\mia2863.tmp\data\OFFLINE\D85A543A\8B1B19B\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\mia2863.tmp\data\OFFLINE\D85A543A\8B1B19B\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\mia2863.tmp\data\OFFLINE\D85A543A\8B1B19B\rb_ubm.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Local\Temp\mia2863.tmp\data\OFFLINE\D85A543A\8B1B19B\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\AppData\Roaming\Asterisks Password Viewer\install\2.96.89\F61FD5A\KLAstrPwdMon.dll a variant of Win32/PSWTool.IEPasswordsRevealer.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Cisco\Visual_CertExam_Suite_v1.9.zip a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Cisco\Visual_CertExam_Suite_v1.9\Visual_CertExam_Suite_v1.9\crack\visual.certexam.suite.v1.9.954-NoPE.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Desktop\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Documents\Storage\ac3filter_app_1200.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Documents\Storage\MiscApps\JascImageRobot.zip a variant of Win32/HackTool.Patcher.C application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Documents\Storage\Zipped\JascImageRobot.zip a variant of Win32/HackTool.Patcher.C application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Downloads\Hook.dll a variant of Win32/PSWTool.PasswordSpy.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Downloads\password-viewer.zip a variant of Win32/PSWTool.PasswordSpy.AA application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Lauri\Downloads\SoftonicDownloader_for_hamster-free-ebook-converter.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9e1085345a19324eb8c12c8783f86ebe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-23 07:25:46
# local_time=2012-06-23 03:25:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3073 16777213 80 71 0 16044427 0 0
# compatibility_mode=5892 16776574 100 56 51377398 177061519 0 0
# compatibility_mode=8192 67108863 100 0 56425 56425 0 0
# scanned=606389
# found=14
# cleaned=0
# scan_time=16733
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (unable to clean) 00000000000000000000000000000000 I
H:\Hook.dll a variant of Win32/PSWTool.PasswordSpy.AA application (unable to clean) 00000000000000000000000000000000 I
H:\SoftonicDownloader_for_hamster-free-ebook-converter.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
H:\password-viewer.zip a variant of Win32/PSWTool.PasswordSpy.AA application (unable to clean) 00000000000000000000000000000000 I
H:\Storage\ac3filter_app_1200.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
H:\Storage\MiscApps\JascImageRobot.zip a variant of Win32/HackTool.Patcher.C application (unable to clean) 00000000000000000000000000000000 I
H:\Storage\Zipped\JascImageRobot.zip a variant of Win32/HackTool.Patcher.C application (unable to clean) 00000000000000000000000000000000 I
H:\Cisco\Visual_CertExam_Suite_v1.9.zip a variant of Win32/HackTool.Patcher.A application (unable to clean) 00000000000000000000000000000000 I
H:\Cisco\Visual_CertExam_Suite_v1.9\Visual_CertExam_Suite_v1.9\crack\visual.certexam.suite.v1.9.954-NoPE.exe a variant of Win32/HackTool.Patcher.A application (unable to clean) 00000000000000000000000000000000 I
H:\!!!New Stuff\amazinguniversess.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
H:\!!!New Stuff\snowglobe.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
H:\!!!New Stuff\sunset.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
H:\!!!New Stuff\xmastree.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 23 June 2012 - 02:56 PM

Hi,

Please do the following:

Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it, now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users