
Getting Google Redirects + False Adobe update + services.exe being reported as a virus


  • This topic is locked
21 replies to this topic

#1 callmeevo


Posted 14 July 2012 - 04:58 PM

Hello, first time posting in the forums here, I have found a few of the tutorials to be helpful in the past, and really appreciate what you guys do for the community. I am experiencing the symptoms mentioned in the topic, and would appreciate any help you can provide in removing it.

Here is my log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Bryan-SIZZLE at 17:53:00 on 2012-07-14
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [AdobeBridge]
uRun: [atynr] rundll32.exe "C:\Users\BRYAN-~1\AppData\Local\Temp\atynr.dll",SteamAPI_Init
uRun: [scilat] rundll32.exe "C:\Users\BRYAN-~1\AppData\Local\Temp\scilat.dll",Vec3TransformNormal
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Google Update] "C:\Users\Bryan-SIZZLE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [Razer TRON Driver] C:\Program Files (x86)\Razer\Razer TRON\RazerTRONSysTray.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
StartupFolder: C:\Users\BRYAN-~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BRYAN-~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
StartupFolder: C:\Users\BRYAN-~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SICKBE~1.LNK - D:\Program Files (x86)\Sickbeard\SickBeard-win32-alpha-build492\SickBeard.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{09844A98-B7F1-4CE5-B40B-364D849CB99E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{09844A98-B7F1-4CE5-B40B-364D849CB99E}\641696270205F696E6470245F6775627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7939D44D-8366-44D0-9A94-360566B84803} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CD35D258-D2BF-4F49-9BF6-8409CD7D7EBB} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [Razer TRON Driver] C:\Program Files (x86)\Razer\Razer TRON\RazerTRONSysTray.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co...F-8&oe=UTF-8&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bryan-SIZZLE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hgEPYlz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 18e123bc0000000000000026833496ca
FF - user.js: extensions.incredibar_i.hardId - 18e123bc0000000000000026833496ca
FF - user.js: extensions.incredibar_i.instlDay - 15358
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:11:24
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8hgEPYlz
FF - user.js: extensions.incredibar_i.upn2n - 92823698656000849
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-14 21:47:27 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\Locktime
2012-07-14 13:06:31 -------- d-----w- C:\ProgramData\Locktime
2012-07-14 13:06:31 -------- d-----w- C:\Program Files\NetLimiter 3
2012-07-14 13:00:54 -------- d-----w- C:\Program Files (x86)\NetPeeker
2012-07-14 00:02:54 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\Trine2
2012-07-13 23:15:49 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\six-zsync
2012-07-13 23:15:49 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\six-updater
2012-07-13 21:43:33 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-07-13 21:17:02 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\fltk.org
2012-07-13 21:17:02 -------- d-----w- C:\ProgramData\fltk.org
2012-07-12 22:54:50 -------- d-----w- C:\ProgramData\TriDef 3D
2012-07-12 22:53:55 -------- d-----w- C:\Program Files (x86)\TriDef 3D
2012-07-11 02:51:45 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\fontconfig
2012-07-11 02:51:44 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\gegl-0.2
2012-07-11 02:51:44 -------- d-----w- C:\Users\Bryan-SIZZLE\.gimp-2.8
2012-07-11 02:43:46 -------- d-----w- C:\Program Files\GIMP 2
2012-07-10 19:56:51 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\WebApp
2012-07-10 19:54:03 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\Cyberlink
2012-07-10 19:30:27 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-07-10 19:20:19 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\Licenses
2012-07-10 18:53:05 -------- d-----w- C:\ProgramData\DDD
2012-07-10 18:43:33 -------- d-----w- C:\Swsetup
2012-07-08 20:33:49 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\KodakGallery
2012-07-08 20:33:46 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\Skinux
2012-07-08 20:33:22 -------- d-----w- C:\Program Files (x86)\Kodak
2012-07-08 20:27:45 -------- d-----w- C:\ProgramData\Kodak
2012-07-03 20:55:20 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\BF68.tmp
2012-07-03 12:55:15 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-07-02 13:24:56 -------- d--h--w- C:\$AVG
2012-07-01 17:49:39 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\NCH Software
2012-07-01 17:49:39 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-07-01 17:07:53 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\Moyea
2012-07-01 17:03:42 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\{00830928-5C38-4608-8F3F-88A6824D61A0}
2012-07-01 17:03:33 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\{15D4BC57-3EB4-4282-9691-E5D04ED31651}
2012-07-01 17:03:17 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\{B1270074-70B5-471A-84E5-C3CE3C02A073}
2012-07-01 16:01:32 -------- d-----w- C:\Windows\en
2012-07-01 15:57:35 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\Windows Live
2012-07-01 15:57:35 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-07-01 14:10:51 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-07-01 13:27:08 -------- d-----w- C:\ProgramData\Innovative Solutions
2012-07-01 13:27:07 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Local\Innovative Solutions
2012-07-01 13:27:07 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2012-07-01 13:27:06 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl
2012-06-20 12:05:32 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 12:05:32 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-15 15:24:43 -------- d-----w- C:\Users\Bryan-SIZZLE\AppData\Roaming\LoneSurvivor
.
==================== Find3M ====================
.
2012-07-12 01:56:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:56:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-10 19:27:34 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-10 19:27:34 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 17:59:00 60304 ----a-w- C:\Users\Bryan-SIZZLE\g2mdlhlpx.exe
2012-05-16 23:07:16 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-05-16 23:07:16 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 17:53:14.99 ===============



#2 gringo_pr

  • Malware Response Team

Posted 14 July 2012 - 11:56 PM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 callmeevo

  • Topic Starter

Posted 15 July 2012 - 07:56 AM

Thanks for the fast response!
Here is my security check log:
Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java™ 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (13.0.1)
Mozilla Thunderbird (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

ComboFix Log:
ComboFix 12-07-14.01 - Bryan-SIZZLE 07/15/2012 8:37.1.4 - x64
Running from: c:\users\Bryan-SIZZLE\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Templates\1028.msi
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Templates\1031.msi
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Templates\1033.msi
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Templates\1036.msi
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Templates\1041.msi
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Templates\2052.msi
c:\users\Bryan-SIZZLE\Documents\~WRL3856.tmp
c:\users\Bryan-SIZZLE\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\L\00000004.@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\L\1afb2d56
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\L\201d3dde
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\U\00000004.@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\U\00000008.@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\U\000000cb.@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\U\80000000.@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\U\80000032.@
c:\windows\Installer\{06228fd5-fce9-6b1a-36cf-5a762342ccb9}\U\80000064.@
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 12:41 . 2012-07-15 12:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-14 22:02 . 2012-07-14 22:03 -------- d-----w- C:\FRST
2012-07-14 21:47 . 2012-07-14 21:47 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Locktime
2012-07-14 13:06 . 2012-07-14 13:06 -------- d-----w- c:\programdata\Locktime
2012-07-14 13:06 . 2012-07-14 13:06 -------- d-----w- c:\program files\NetLimiter 3
2012-07-14 13:00 . 2012-07-14 21:47 -------- d-----w- c:\program files (x86)\NetPeeker
2012-07-14 00:02 . 2012-07-14 00:10 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\Trine2
2012-07-13 23:15 . 2012-07-13 23:15 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\six-zsync
2012-07-13 23:15 . 2012-07-13 23:15 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\six-updater
2012-07-13 21:43 . 2012-07-13 21:43 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-13 21:17 . 2012-07-13 21:17 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\fltk.org
2012-07-13 21:17 . 2012-07-13 21:17 -------- d-----w- c:\programdata\fltk.org
2012-07-12 22:54 . 2012-07-12 22:54 -------- d-----w- c:\programdata\TriDef 3D
2012-07-12 22:53 . 2012-07-12 22:54 -------- d-----w- c:\program files (x86)\TriDef 3D
2012-07-11 02:51 . 2012-07-11 02:51 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\fontconfig
2012-07-11 02:51 . 2012-07-11 02:54 -------- d-----w- c:\users\Bryan-SIZZLE\.gimp-2.8
2012-07-11 02:51 . 2012-07-11 02:51 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\gegl-0.2
2012-07-11 02:43 . 2012-07-11 02:43 -------- d-----w- c:\program files\GIMP 2
2012-07-10 19:56 . 2012-07-10 19:56 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\WebApp
2012-07-10 19:54 . 2012-07-10 20:35 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Cyberlink
2012-07-10 19:54 . 2012-07-10 19:54 -------- d-----w- c:\users\Public\CyberLink
2012-07-10 19:54 . 2012-07-10 19:54 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\CyberLink
2012-07-10 19:38 . 2012-07-10 19:38 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-07-10 19:30 . 2012-07-10 19:54 -------- d-----w- c:\programdata\CyberLink
2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files (x86)\CyberLink
2012-07-10 19:30 . 2012-07-10 19:27 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-07-10 19:20 . 2012-07-10 19:20 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Licenses
2012-07-10 18:53 . 2012-07-10 18:53 -------- d-----w- c:\programdata\DDD
2012-07-10 18:43 . 2012-07-10 18:43 -------- d-----w- C:\Swsetup
2012-07-08 20:33 . 2012-07-08 20:33 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\KodakGallery
2012-07-08 20:33 . 2012-07-08 20:33 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\Skinux
2012-07-08 20:33 . 2012-07-08 20:33 -------- d-----w- c:\program files (x86)\Kodak
2012-07-08 20:27 . 2012-07-09 18:56 -------- d-----w- c:\programdata\Kodak
2012-07-04 12:21 . 2012-07-04 12:21 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\dvdcss
2012-07-03 20:55 . 2012-07-03 20:55 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\BF68.tmp
2012-07-03 12:55 . 2012-07-03 12:55 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-07-02 13:24 . 2012-07-02 13:24 -------- d-----w- C:\$AVG
2012-07-01 17:49 . 2012-07-08 20:34 -------- d-----w- c:\programdata\NCH Software
2012-07-01 17:49 . 2012-07-01 17:50 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\NCH Software
2012-07-01 17:49 . 2012-07-01 17:49 -------- d-----w- c:\program files (x86)\NCH Software
2012-07-01 17:07 . 2012-07-01 17:07 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\Moyea
2012-07-01 16:01 . 2012-07-01 16:01 -------- d-----w- c:\windows\en
2012-07-01 15:59 . 2012-07-01 16:00 -------- d-----w- c:\program files (x86)\Windows Live
2012-07-01 15:58 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-01 15:58 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-01 15:58 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-07-01 15:58 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-07-01 15:58 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-07-01 15:58 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-07-01 15:58 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-01 15:58 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2012-07-01 15:58 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-07-01 15:58 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-07-01 15:58 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2012-07-01 15:57 . 2012-07-01 17:04 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Windows Live
2012-07-01 15:57 . 2012-07-01 15:57 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-07-01 14:10 . 2012-07-03 12:10 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-07-01 13:27 . 2012-07-01 13:27 -------- d-----w- c:\programdata\Innovative Solutions
2012-07-01 13:27 . 2012-07-01 13:27 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Innovative Solutions
2012-07-01 13:27 . 2012-07-01 13:27 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2012-07-01 13:27 . 2009-11-05 17:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2012-06-27 13:44 . 2012-06-27 13:44 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\DivX
2012-06-20 12:05 . 2012-06-20 12:05 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 12:05 . 2012-06-20 12:05 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 19:01 . 2012-07-15 02:48 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\FileZilla
2012-06-18 19:01 . 2012-06-18 19:01 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-06-15 15:24 . 2012-06-15 15:24 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\LoneSurvivor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 01:56 . 2012-05-17 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:56 . 2012-01-18 04:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 19:27 . 2003-03-19 00:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-07-10 19:27 . 2003-02-21 08:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-01 15:59 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-16 23:07 . 2012-05-16 23:07 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-16 23:07 . 2012-05-16 23:07 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-01-18 1242448]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2012-03-04 232032]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2012-06-04 3029112]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Razer TRON Driver"="c:\program files (x86)\Razer\Razer TRON\RazerTRONSysTray.exe" [2010-11-16 956304]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"AVG_TRAY"="d:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
.
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2012-2-3 350208]
SickBeard - Shortcut.lnk - d:\program files (x86)\Sickbeard\SickBeard-win32-alpha-build492\SickBeard.exe [2012-2-11 26112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2012-3-8 1169920]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/10 15:30;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ALSysIO;ALSysIO;c:\users\BRYAN-~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-02-08 12904]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-19 279616]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys [2010-09-21 43136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-02 258688]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Fishbowl\database\bin\fb_inet_server.exe [2010-09-17 5604864]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-09-17 16512]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [2011-03-29 1254464]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-14 157184]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 01:56]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1088667709-536041987-3908315315-1000Core.job
- c:\users\Bryan-SIZZLE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 18:18]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1088667709-536041987-3908315315-1000UA.job
- c:\users\Bryan-SIZZLE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 18:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co...F-8&oe=UTF-8&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hgEPYlz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 18e123bc0000000000000026833496ca
FF - user.js: extensions.incredibar_i.hardId - 18e123bc0000000000000026833496ca
FF - user.js: extensions.incredibar_i.instlDay - 15358
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:11
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8hgEPYlz
FF - user.js: extensions.incredibar_i.upn2n - 92823698656000849
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088667709-536041987-3908315315-1000\Software\SecuROM\License information*]
"datasecu"=hex:1e,2f,25,98,47,91,00,f7,66,1f,4f,75,9e,9b,0a,98,12,5d,21,cf,4b,
50,11,74,3c,d1,1a,e7,03,76,5e,c3,90,06,79,9f,b2,6a,d4,4e,6c,f7,ca,2d,4e,c5,\
"rkeysecu"=hex:0b,be,1e,05,ee,44,41,c1,8b,3e,23,e9,e9,e4,2f,0b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
c:\program files (x86)\Razer\Razer Lycosa\razertra.exe
c:\program files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
c:\program files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2012-07-15 08:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 12:45
.
Pre-Run: 13,319,086,080 bytes free
Post-Run: 13,969,481,728 bytes free
.
- - End Of File - - DD0C14D4A2B0FF2E0C55711DF399901B




I had no problems performing any of these steps.

Things seem better for now, but it strikes periodically, so there's a chance it just hasn't redirected me yet.

#4 gringo_pr



  • Malware Response Team

Posted 15 July 2012 - 11:04 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 callmeevo

  • Topic Starter


Posted 15 July 2012 - 04:27 PM

17:03:04.0501 1204 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
17:03:04.0756 1204 ============================================================
17:03:04.0756 1204 Current date / time: 2012/07/15 17:03:04.0756
17:03:04.0756 1204 SystemInfo:
17:03:04.0757 1204
17:03:04.0757 1204 OS Version: 6.1.7600 ServicePack: 0.0
17:03:04.0757 1204 Product type: Workstation
17:03:04.0757 1204 ComputerName: BRYAN-SIZZLE-PC
17:03:04.0757 1204 UserName: Bryan-SIZZLE
17:03:04.0757 1204 Windows directory: C:\Windows
17:03:04.0757 1204 System windows directory: C:\Windows
17:03:04.0757 1204 Running under WOW64
17:03:04.0757 1204 Processor architecture: Intel x64
17:03:04.0757 1204 Number of processors: 4
17:03:04.0757 1204 Page size: 0x1000
17:03:04.0757 1204 Boot type: Normal boot
17:03:04.0757 1204 ============================================================
17:03:04.0974 1204 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:03:04.0984 1204 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:03:04.0988 1204 ============================================================
17:03:04.0988 1204 \Device\Harddisk0\DR0:
17:03:04.0988 1204 GPT partitions:
17:03:04.0989 1204 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A449E4BD-24A0-4EAA-A4F1-67CF28D5917F}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
17:03:04.0989 1204 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96DE3500-E438-48D5-A425-3336941B999F}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
17:03:04.0989 1204 MBR partitions:
17:03:04.0989 1204 \Device\Harddisk1\DR1:
17:03:04.0989 1204 MBR partitions:
17:03:04.0989 1204 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:03:04.0989 1204 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
17:03:04.0989 1204 ============================================================
17:03:04.0991 1204 C: <-> \Device\Harddisk1\DR1\Partition1
17:03:05.0005 1204 D: <-> \Device\Harddisk0\DR0\Partition1
17:03:05.0006 1204 ============================================================
17:03:05.0006 1204 Initialize success
17:03:05.0006 1204 ============================================================
17:03:08.0169 2812 ============================================================
17:03:08.0169 2812 Scan started
17:03:08.0169 2812 Mode: Manual;
17:03:08.0169 2812 ============================================================
17:03:08.0540 2812 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:03:08.0542 2812 1394ohci - ok
17:03:08.0552 2812 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:03:08.0554 2812 ACPI - ok
17:03:08.0556 2812 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:03:08.0558 2812 AcpiPmi - ok
17:03:08.0566 2812 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:03:08.0567 2812 AdobeARMservice - ok
17:03:08.0589 2812 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:03:08.0590 2812 AdobeFlashPlayerUpdateSvc - ok
17:03:08.0604 2812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:03:08.0606 2812 adp94xx - ok
17:03:08.0617 2812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:03:08.0619 2812 adpahci - ok
17:03:08.0628 2812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:03:08.0629 2812 adpu320 - ok
17:03:08.0634 2812 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:03:08.0636 2812 AeLookupSvc - ok
17:03:08.0644 2812 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
17:03:08.0646 2812 AFD - ok
17:03:08.0656 2812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:03:08.0657 2812 agp440 - ok
17:03:08.0661 2812 AiChargerPlus (8b6625d53c18774f0102f690e285b5e8) C:\Windows\system32\DRIVERS\AiChargerPlus.sys
17:03:08.0662 2812 AiChargerPlus - ok
17:03:08.0670 2812 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:03:08.0672 2812 ALG - ok
17:03:08.0675 2812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:03:08.0676 2812 aliide - ok
17:03:08.0689 2812 ALSysIO - ok
17:03:08.0701 2812 AMD External Events Utility (5ec60409bd50953bd4f892b18840039e) C:\Windows\system32\atiesrxx.exe
17:03:08.0702 2812 AMD External Events Utility - ok
17:03:08.0705 2812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:03:08.0706 2812 amdide - ok
17:03:08.0710 2812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:03:08.0712 2812 AmdK8 - ok
17:03:08.0809 2812 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
17:03:08.0884 2812 amdkmdag - ok
17:03:08.0913 2812 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
17:03:08.0914 2812 amdkmdap - ok
17:03:08.0919 2812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:03:08.0920 2812 AmdPPM - ok
17:03:08.0926 2812 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
17:03:08.0928 2812 amdsata - ok
17:03:08.0936 2812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:03:08.0937 2812 amdsbs - ok
17:03:08.0941 2812 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
17:03:08.0942 2812 amdxata - ok
17:03:08.0950 2812 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:03:08.0952 2812 AppID - ok
17:03:08.0956 2812 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:03:08.0957 2812 AppIDSvc - ok
17:03:08.0962 2812 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:03:08.0963 2812 Appinfo - ok
17:03:08.0972 2812 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:03:08.0973 2812 Apple Mobile Device - ok
17:03:08.0982 2812 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:03:08.0984 2812 AppMgmt - ok
17:03:08.0988 2812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:03:08.0990 2812 arc - ok
17:03:08.0995 2812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:03:08.0997 2812 arcsas - ok
17:03:09.0013 2812 asComSvc (6e3f4538b33bc19259e99be1826286a3) C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
17:03:09.0017 2812 asComSvc - ok
17:03:09.0029 2812 ASDiskUnlocker (c6c1fba3b599f2bfeab467dc9e66aa5e) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
17:03:09.0030 2812 ASDiskUnlocker - ok
17:03:09.0036 2812 ASFLTDrv.sys (2921131f9a111fd6c6d2c5e1e5b6b75c) C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys
17:03:09.0037 2812 ASFLTDrv.sys - ok
17:03:09.0052 2812 asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
17:03:09.0056 2812 asHmComSvc - ok
17:03:09.0072 2812 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
17:03:09.0074 2812 AsIO - ok
17:03:09.0096 2812 asmthub3 (6d9c024aa8f24065a6dbeab1f431d854) C:\Windows\system32\DRIVERS\asmthub3.sys
17:03:09.0098 2812 asmthub3 - ok
17:03:09.0108 2812 asmtxhci (ecad22f15d8f17cc04f24e9a6fb00f2f) C:\Windows\system32\DRIVERS\asmtxhci.sys
17:03:09.0110 2812 asmtxhci - ok
17:03:09.0125 2812 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:03:09.0126 2812 aspnet_state - ok
17:03:09.0140 2812 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
17:03:09.0143 2812 AsSysCtrlService - ok
17:03:09.0159 2812 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
17:03:09.0160 2812 AsUpIO - ok
17:03:09.0164 2812 ASUSFILTER (a5e4cdb420540095d1293c874b5f89aa) C:\Windows\syswow64\drivers\ASUSFILTER.sys
17:03:09.0165 2812 ASUSFILTER - ok
17:03:09.0172 2812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:03:09.0174 2812 AsyncMac - ok
17:03:09.0177 2812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:03:09.0178 2812 atapi - ok
17:03:09.0181 2812 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
17:03:09.0183 2812 AthBTPort - ok
17:03:09.0187 2812 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\system32\Drivers\AthDfu.sys
17:03:09.0188 2812 ATHDFU - ok
17:03:09.0195 2812 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:03:09.0196 2812 AtherosSvc - ok
17:03:09.0218 2812 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
17:03:09.0224 2812 athr - ok
17:03:09.0238 2812 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
17:03:09.0240 2812 AtiHDAudioService - ok
17:03:09.0251 2812 atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
17:03:09.0252 2812 atksgt - ok
17:03:09.0267 2812 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:03:09.0270 2812 AudioEndpointBuilder - ok
17:03:09.0274 2812 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:03:09.0277 2812 AudioSrv - ok
17:03:09.0409 2812 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
17:03:09.0453 2812 AVGIDSAgent - ok
17:03:09.0459 2812 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:03:09.0461 2812 AVGIDSDriver - ok
17:03:09.0465 2812 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:03:09.0466 2812 AVGIDSFilter - ok
17:03:09.0469 2812 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
17:03:09.0471 2812 AVGIDSHA - ok
17:03:09.0481 2812 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
17:03:09.0483 2812 Avgldx64 - ok
17:03:09.0487 2812 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:03:09.0489 2812 Avgmfx64 - ok
17:03:09.0492 2812 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:03:09.0494 2812 Avgrkx64 - ok
17:03:09.0538 2812 avgwd (ea1145debcd508fd25bd1e95c4346929) D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:03:09.0540 2812 avgwd - ok
17:03:09.0548 2812 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:03:09.0551 2812 AxInstSV - ok
17:03:09.0565 2812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:03:09.0568 2812 b06bdrv - ok
17:03:09.0580 2812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:03:09.0582 2812 b57nd60a - ok
17:03:09.0597 2812 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:03:09.0599 2812 BDESVC - ok
17:03:09.0603 2812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:03:09.0604 2812 Beep - ok
17:03:09.0620 2812 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:03:09.0623 2812 BFE - ok
17:03:09.0640 2812 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:03:09.0644 2812 BITS - ok
17:03:09.0651 2812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:03:09.0653 2812 blbdrive - ok
17:03:09.0667 2812 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:03:09.0669 2812 Bonjour Service - ok
17:03:09.0675 2812 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
17:03:09.0676 2812 bowser - ok
17:03:09.0679 2812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:03:09.0680 2812 BrFiltLo - ok
17:03:09.0683 2812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:03:09.0684 2812 BrFiltUp - ok
17:03:09.0695 2812 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:03:09.0697 2812 BridgeMP - ok
17:03:09.0706 2812 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:03:09.0707 2812 Browser - ok
17:03:09.0718 2812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:03:09.0720 2812 Brserid - ok
17:03:09.0724 2812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:03:09.0726 2812 BrSerWdm - ok
17:03:09.0729 2812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:03:09.0730 2812 BrUsbMdm - ok
17:03:09.0732 2812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:03:09.0733 2812 BrUsbSer - ok
17:03:09.0744 2812 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
17:03:09.0745 2812 BTATH_A2DP - ok
17:03:09.0749 2812 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
17:03:09.0749 2812 BTATH_BUS - ok
17:03:09.0759 2812 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:03:09.0761 2812 BTATH_HCRP - ok
17:03:09.0765 2812 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:03:09.0767 2812 BTATH_LWFLT - ok
17:03:09.0775 2812 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:03:09.0776 2812 BTATH_RCP - ok
17:03:09.0787 2812 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
17:03:09.0789 2812 BtFilter - ok
17:03:09.0791 2812 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:03:09.0792 2812 BthEnum - ok
17:03:09.0798 2812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:03:09.0799 2812 BTHMODEM - ok
17:03:09.0805 2812 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:03:09.0806 2812 BthPan - ok
17:03:09.0819 2812 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
17:03:09.0822 2812 BTHPORT - ok
17:03:09.0828 2812 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:03:09.0829 2812 bthserv - ok
17:03:09.0835 2812 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
17:03:09.0836 2812 BTHUSB - ok
17:03:09.0838 2812 catchme - ok
17:03:09.0844 2812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:03:09.0845 2812 cdfs - ok
17:03:09.0853 2812 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:03:09.0854 2812 cdrom - ok
17:03:09.0861 2812 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:03:09.0863 2812 CertPropSvc - ok
17:03:09.0871 2812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:03:09.0872 2812 circlass - ok
17:03:09.0883 2812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:03:09.0884 2812 CLFS - ok
17:03:09.0901 2812 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
17:03:09.0903 2812 CLKMSVC10_38F51D56 - ok
17:03:09.0911 2812 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:03:09.0913 2812 clr_optimization_v2.0.50727_32 - ok
17:03:09.0919 2812 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:03:09.0921 2812 clr_optimization_v2.0.50727_64 - ok
17:03:09.0940 2812 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:03:09.0941 2812 clr_optimization_v4.0.30319_32 - ok
17:03:09.0953 2812 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:03:09.0954 2812 clr_optimization_v4.0.30319_64 - ok
17:03:09.0972 2812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:03:09.0973 2812 CmBatt - ok
17:03:09.0975 2812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:03:09.0976 2812 cmdide - ok
17:03:09.0989 2812 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
17:03:09.0992 2812 CNG - ok
17:03:09.0995 2812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:03:09.0996 2812 Compbatt - ok
17:03:10.0004 2812 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:03:10.0005 2812 CompositeBus - ok
17:03:10.0007 2812 COMSysApp - ok
17:03:10.0012 2812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:03:10.0013 2812 crcdisk - ok
17:03:10.0022 2812 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
17:03:10.0024 2812 CryptSvc - ok
17:03:10.0036 2812 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
17:03:10.0039 2812 CSC - ok
17:03:10.0054 2812 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
17:03:10.0057 2812 CscService - ok
17:03:10.0071 2812 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:03:10.0074 2812 DcomLaunch - ok
17:03:10.0086 2812 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:03:10.0087 2812 defragsvc - ok
17:03:10.0096 2812 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
17:03:10.0098 2812 DfsC - ok
17:03:10.0108 2812 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:03:10.0109 2812 Dhcp - ok
17:03:10.0113 2812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:03:10.0114 2812 discache - ok
17:03:10.0118 2812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:03:10.0120 2812 Disk - ok
17:03:10.0128 2812 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
17:03:10.0129 2812 Dnscache - ok
17:03:10.0140 2812 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:03:10.0141 2812 dot3svc - ok
17:03:10.0150 2812 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:03:10.0151 2812 DPS - ok
17:03:10.0154 2812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:03:10.0155 2812 drmkaud - ok
17:03:10.0166 2812 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:03:10.0168 2812 dtsoftbus01 - ok
17:03:10.0185 2812 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
17:03:10.0189 2812 DXGKrnl - ok
17:03:10.0200 2812 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
17:03:10.0202 2812 e1cexpress - ok
17:03:10.0209 2812 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:03:10.0211 2812 EapHost - ok
17:03:10.0248 2812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:03:10.0262 2812 ebdrv - ok
17:03:10.0280 2812 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
17:03:10.0281 2812 EFS - ok
17:03:10.0297 2812 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
17:03:10.0301 2812 ehRecvr - ok
17:03:10.0307 2812 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:03:10.0309 2812 ehSched - ok
17:03:10.0326 2812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:03:10.0328 2812 elxstor - ok
17:03:10.0331 2812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:03:10.0332 2812 ErrDev - ok
17:03:10.0345 2812 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:03:10.0347 2812 EventSystem - ok
17:03:10.0356 2812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:03:10.0357 2812 exfat - ok
17:03:10.0368 2812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:03:10.0369 2812 fastfat - ok
17:03:10.0383 2812 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:03:10.0386 2812 Fax - ok
17:03:10.0391 2812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:03:10.0393 2812 fdc - ok
17:03:10.0396 2812 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:03:10.0397 2812 fdPHost - ok
17:03:10.0403 2812 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:03:10.0405 2812 FDResPub - ok
17:03:10.0409 2812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:03:10.0411 2812 FileInfo - ok
17:03:10.0414 2812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:03:10.0415 2812 Filetrace - ok
17:03:10.0476 2812 FirebirdServerDefaultInstance (0f4f7c5ee0fd2c0456a061671eb71568) C:\Program Files (x86)\Fishbowl\database\bin\fb_inet_server.exe
17:03:10.0510 2812 FirebirdServerDefaultInstance - ok
17:03:10.0530 2812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:03:10.0532 2812 flpydisk - ok
17:03:10.0542 2812 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:03:10.0544 2812 FltMgr - ok
17:03:10.0562 2812 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
17:03:10.0567 2812 FontCache - ok
17:03:10.0575 2812 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:03:10.0576 2812 FontCache3.0.0.0 - ok
17:03:10.0587 2812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:03:10.0588 2812 FsDepends - ok
17:03:10.0591 2812 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:03:10.0593 2812 Fs_Rec - ok
17:03:10.0602 2812 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
17:03:10.0604 2812 fvevol - ok
17:03:10.0608 2812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:03:10.0610 2812 gagp30kx - ok
17:03:10.0615 2812 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:03:10.0617 2812 GEARAspiWDM - ok
17:03:10.0632 2812 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:03:10.0635 2812 gpsvc - ok
17:03:10.0642 2812 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:03:10.0643 2812 hamachi - ok
17:03:10.0674 2812 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:03:10.0684 2812 Hamachi2Svc - ok
17:03:10.0705 2812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:03:10.0706 2812 hcw85cir - ok
17:03:10.0716 2812 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:03:10.0718 2812 HdAudAddService - ok
17:03:10.0727 2812 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:03:10.0728 2812 HDAudBus - ok
17:03:10.0731 2812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:03:10.0733 2812 HidBatt - ok
17:03:10.0739 2812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:03:10.0740 2812 HidBth - ok
17:03:10.0745 2812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:03:10.0747 2812 HidIr - ok
17:03:10.0750 2812 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:03:10.0751 2812 hidserv - ok
17:03:10.0755 2812 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:03:10.0756 2812 HidUsb - ok
17:03:10.0819 2812 HiPatchService (8d1f00f4254c3ef428b715484940427c) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
17:03:10.0820 2812 HiPatchService - ok
17:03:10.0833 2812 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:03:10.0836 2812 hkmsvc - ok
17:03:10.0848 2812 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:03:10.0850 2812 HomeGroupListener - ok
17:03:10.0860 2812 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:03:10.0862 2812 HomeGroupProvider - ok
17:03:10.0868 2812 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:03:10.0870 2812 HpSAMD - ok
17:03:10.0886 2812 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:03:10.0890 2812 HTTP - ok
17:03:10.0894 2812 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:03:10.0894 2812 hwpolicy - ok
17:03:10.0901 2812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:03:10.0903 2812 i8042prt - ok
17:03:10.0915 2812 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
17:03:10.0917 2812 iaStorV - ok
17:03:10.0921 2812 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
17:03:10.0923 2812 ICCWDT - ok
17:03:10.0940 2812 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:03:10.0944 2812 idsvc - ok
17:03:10.0948 2812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:03:10.0950 2812 iirsp - ok
17:03:10.0965 2812 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:03:10.0969 2812 IKEEXT - ok
17:03:11.0001 2812 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
17:03:11.0016 2812 IntcAzAudAddService - ok
17:03:11.0038 2812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:03:11.0039 2812 intelide - ok
17:03:11.0043 2812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:03:11.0045 2812 intelppm - ok
17:03:11.0053 2812 Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
17:03:11.0054 2812 Intel® PROSet Monitoring Service - ok
17:03:11.0059 2812 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:03:11.0061 2812 IPBusEnum - ok
17:03:11.0065 2812 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:03:11.0067 2812 IpFilterDriver - ok
17:03:11.0081 2812 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:03:11.0084 2812 iphlpsvc - ok
17:03:11.0095 2812 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:03:11.0097 2812 IPMIDRV - ok
17:03:11.0107 2812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:03:11.0110 2812 IPNAT - ok
17:03:11.0127 2812 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:03:11.0130 2812 iPod Service - ok
17:03:11.0134 2812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:03:11.0136 2812 IRENUM - ok
17:03:11.0139 2812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:03:11.0140 2812 isapnp - ok
17:03:11.0150 2812 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:03:11.0151 2812 iScsiPrt - ok
17:03:11.0158 2812 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
17:03:11.0160 2812 JRAID - ok
17:03:11.0163 2812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:03:11.0165 2812 kbdclass - ok
17:03:11.0168 2812 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:03:11.0169 2812 kbdhid - ok
17:03:11.0173 2812 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:03:11.0173 2812 KeyIso - ok
17:03:11.0179 2812 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
17:03:11.0180 2812 KSecDD - ok
17:03:11.0189 2812 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
17:03:11.0190 2812 KSecPkg - ok
17:03:11.0193 2812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:03:11.0195 2812 ksthunk - ok
17:03:11.0206 2812 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:03:11.0208 2812 KtmRm - ok
17:03:11.0220 2812 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll
17:03:11.0221 2812 LanmanServer - ok
17:03:11.0229 2812 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:03:11.0231 2812 LanmanWorkstation - ok
17:03:11.0252 2812 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys
17:03:11.0257 2812 Linksys_adapter_H - ok
17:03:11.0262 2812 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
17:03:11.0264 2812 lirsgt - ok
17:03:11.0269 2812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:03:11.0270 2812 lltdio - ok
17:03:11.0281 2812 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:03:11.0283 2812 lltdsvc - ok
17:03:11.0287 2812 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:03:11.0288 2812 lmhosts - ok
17:03:11.0295 2812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:03:11.0297 2812 LSI_FC - ok
17:03:11.0303 2812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:03:11.0305 2812 LSI_SAS - ok
17:03:11.0310 2812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:03:11.0311 2812 LSI_SAS2 - ok
17:03:11.0317 2812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:03:11.0319 2812 LSI_SCSI - ok
17:03:11.0326 2812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:03:11.0327 2812 luafv - ok
17:03:11.0331 2812 Lycosa (beb897ce49f7c991845d3aea0d298e53) C:\Windows\system32\drivers\Lycosa.sys
17:03:11.0333 2812 Lycosa - ok
17:03:11.0343 2812 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:03:11.0345 2812 Mcx2Svc - ok
17:03:11.0349 2812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:03:11.0350 2812 megasas - ok
17:03:11.0360 2812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:03:11.0362 2812 MegaSR - ok
17:03:11.0367 2812 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:03:11.0368 2812 MEIx64 - ok
17:03:11.0376 2812 Microsoft SharePoint Workspace Audit Service - ok
17:03:11.0381 2812 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:03:11.0383 2812 MMCSS - ok
17:03:11.0390 2812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:03:11.0391 2812 Modem - ok
17:03:11.0396 2812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:03:11.0396 2812 monitor - ok
17:03:11.0401 2812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:03:11.0402 2812 mouclass - ok
17:03:11.0406 2812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:03:11.0407 2812 mouhid - ok
17:03:11.0413 2812 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:03:11.0414 2812 mountmgr - ok
17:03:11.0420 2812 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:03:11.0422 2812 MozillaMaintenance - ok
17:03:11.0431 2812 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:03:11.0432 2812 mpio - ok
17:03:11.0437 2812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:03:11.0438 2812 mpsdrv - ok
17:03:11.0455 2812 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
17:03:11.0459 2812 MpsSvc - ok
17:03:11.0468 2812 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:03:11.0469 2812 MRxDAV - ok
17:03:11.0477 2812 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:03:11.0478 2812 mrxsmb - ok
17:03:11.0488 2812 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:03:11.0490 2812 mrxsmb10 - ok
17:03:11.0496 2812 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:03:11.0498 2812 mrxsmb20 - ok
17:03:11.0502 2812 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:03:11.0504 2812 msahci - ok
17:03:11.0512 2812 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:03:11.0513 2812 msdsm - ok
17:03:11.0525 2812 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:03:11.0527 2812 MSDTC - ok
17:03:11.0532 2812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:03:11.0534 2812 Msfs - ok
17:03:11.0536 2812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:03:11.0537 2812 mshidkmdf - ok
17:03:11.0539 2812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:03:11.0541 2812 msisadrv - ok
17:03:11.0550 2812 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:03:11.0551 2812 MSiSCSI - ok
17:03:11.0553 2812 msiserver - ok
17:03:11.0557 2812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:03:11.0557 2812 MSKSSRV - ok
17:03:11.0560 2812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:03:11.0561 2812 MSPCLOCK - ok
17:03:11.0563 2812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:03:11.0564 2812 MSPQM - ok
17:03:11.0575 2812 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:03:11.0577 2812 MsRPC - ok
17:03:11.0582 2812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:03:11.0582 2812 mssmbios - ok
17:03:11.0585 2812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:03:11.0586 2812 MSTEE - ok
17:03:11.0588 2812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:03:11.0590 2812 MTConfig - ok
17:03:11.0594 2812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:03:11.0596 2812 Mup - ok
17:03:11.0598 2812 mv2 (a906b08944ef1bec17ae306e9fdb35d0) C:\Windows\system32\DRIVERS\mv2.sys
17:03:11.0600 2812 mv2 - ok
17:03:11.0609 2812 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
17:03:11.0611 2812 mv91xx - ok
17:03:11.0624 2812 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:03:11.0627 2812 napagent - ok
17:03:11.0640 2812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:03:11.0642 2812 NativeWifiP - ok
17:03:11.0659 2812 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:03:11.0663 2812 NDIS - ok
17:03:11.0669 2812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:03:11.0671 2812 NdisCap - ok
17:03:11.0674 2812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:03:11.0675 2812 NdisTapi - ok
17:03:11.0679 2812 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:03:11.0681 2812 Ndisuio - ok
17:03:11.0688 2812 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:03:11.0690 2812 NdisWan - ok
17:03:11.0694 2812 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:03:11.0695 2812 NDProxy - ok
17:03:11.0699 2812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:03:11.0701 2812 NetBIOS - ok
17:03:11.0711 2812 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:03:11.0712 2812 NetBT - ok
17:03:11.0716 2812 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:03:11.0716 2812 Netlogon - ok
17:03:11.0727 2812 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:03:11.0730 2812 Netman - ok
17:03:14.0841 2812 ============================================================
17:03:14.0841 2812 Scan finished
17:03:14.0841 2812 ============================================================
17:03:14.0847 7588 Detected object count: 0
17:03:14.0847 7588 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 17:20:56
-----------------------------
17:20:56.596 OS Version: Windows x64 6.1.7600
17:20:56.596 Number of processors: 4 586 0x2A07
17:20:56.596 ComputerName: BRYAN-SIZZLE-PC UserName: Bryan-SIZZLE
17:20:56.845 Initialize success
17:21:00.168 AVAST engine defs: 12071501
17:21:02.134 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0
17:21:02.134 Disk 0 Vendor: ST2000DL CC3C Size: 1907729MB BusType: 11
17:21:02.134 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port2Path0Target1Lun0
17:21:02.134 Disk 1 Vendor: INTEL_SS 4PC1 Size: 76319MB BusType: 11
17:21:02.149 Disk 1 MBR read successfully
17:21:02.149 Disk 1 MBR scan
17:21:02.149 Disk 1 Windows 7 default MBR code
17:21:02.149 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:21:02.149 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
17:21:02.149 Disk 1 scanning C:\Windows\system32\drivers
17:21:05.005 Service scanning
17:21:14.069 Modules scanning
17:21:14.069 Disk 1 trace - called modules:
17:21:14.084 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
17:21:14.084 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800ad2e060]
17:21:14.084 3 CLASSPNP.SYS[fffff8800198443f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port2Path0Target1Lun0[0xfffffa800a542050]
17:21:14.240 AVAST engine scan C:\Windows
17:21:14.771 AVAST engine scan C:\Windows\system32
17:22:34.473 AVAST engine scan C:\Windows\system32\drivers
17:22:41.790 AVAST engine scan C:\Users\Bryan-SIZZLE
17:23:49.719 Disk 1 MBR has been saved successfully to "C:\Users\Bryan-SIZZLE\Downloads\MBR.dat"
17:23:49.725 The log file has been saved successfully to "C:\Users\Bryan-SIZZLE\Downloads\aswMBR.txt"



In addition to these logs, I have noticed a typing sound being played through my headphones on occasion, and I'm not sure what this stems from.

#6 gringo_pr


Posted 15 July 2012 - 09:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hgEPYlz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 18e123bc0000000000000026833496ca
FF - user.js: extensions.incredibar_i.hardId - 18e123bc0000000000000026833496ca
FF - user.js: extensions.incredibar_i.instlDay - 15358
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:11
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8hgEPYlz
FF - user.js: extensions.incredibar_i.upn2n - 92823698656000849
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
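
To help read the `FF - user.js:` lines in the script above, here is an added example (not part of the original post, and not ComboFix's or DDS's own code) that parses that log format and flags two things worth a second look: a URL stored in an extension pref and a disabled external-protocol warning. The function names are assumptions of this example, and the sample text is a subset of the lines posted above.

```python
import re
from collections import Counter

# Subset of the "FF - ..." lines from the CFScript posted above, embedded so
# the example runs offline. Values are exactly as they appear in the post.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hgEPYlz&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
"""

# "FF - user.js: <pref name> - <value>"; the value may be empty.
ENTRY_RE = re.compile(r"^FF - user\.js:\s+(?P<key>\S+)\s+-\s*(?P<value>.*)$")
# Accepts both live (http) and defanged (hxxp) URLs, as logs are often defanged.
URL_RE = re.compile(r"^h(?:tt|xx)ps?://(?P<host>[^/?#]+)", re.IGNORECASE)
# Firefox pref family controlling the prompt shown before an external
# protocol handler is launched for a given URL scheme.
WARN_PREFIX = "network.protocol-handler.warn-external."


def parse_user_js_entries(log_text):
    """Return {pref name: value} for every 'FF - user.js:' line in the log."""
    prefs = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            prefs[match.group("key")] = match.group("value").strip()
    return prefs


def extension_namespaces(prefs):
    """Count prefs per 'extensions.<namespace>.' branch to show who wrote them."""
    counts = Counter()
    for key in prefs:
        parts = key.split(".")
        if parts[0] == "extensions" and len(parts) >= 3:
            counts[parts[1]] += 1
    return dict(counts)


def review_findings(prefs):
    """Return (finding, detail) tuples for prefs that deserve manual review."""
    findings = []
    for key, value in sorted(prefs.items()):
        # A 'false' here means the browser will not warn before handing the
        # named URL scheme to an external program.
        if key.startswith(WARN_PREFIX) and value.lower() == "false":
            findings.append(
                ("external-protocol-warning-disabled", key[len(WARN_PREFIX):])
            )
        # A URL inside an extension's pref branch usually means a search or
        # start-page override pointing at that host.
        url = URL_RE.match(value)
        if url and key.startswith("extensions."):
            findings.append(("url-in-extension-pref", url.group("host").lower()))
    return findings


if __name__ == "__main__":
    parsed = parse_user_js_entries(SAMPLE_LOG)
    print("pref branches:", extension_namespaces(parsed))
    for finding, detail in review_findings(parsed):
        print(f"{finding}: {detail}")
```
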

#7 callmeevo

  • Topic Starter


Posted 16 July 2012 - 05:44 PM

ComboFix 12-07-16.01 - Bryan-SIZZLE 07/16/2012 9:13.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12263.8354 [GMT -4:00]
Running from: c:\users\Bryan-SIZZLE\Downloads\ComboFix.exe
Command switches used :: c:\users\Bryan-SIZZLE\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120715171629.109999
c:\programdata\boost_interprocess\20120715171629.109999\plex_frame_mutex
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 13:18 . 2012-07-16 13:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-16 13:18 . 2012-07-16 13:18 -------- d-----w- c:\users\Mily\AppData\Local\temp
2012-07-16 13:18 . 2012-07-16 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 21:52 . 2012-07-15 21:53 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\six-updater
2012-07-15 19:56 . 2012-07-15 19:56 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\ArmA 2
2012-07-15 19:49 . 2012-07-15 19:49 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\ArmA 2 RCon
2012-07-15 19:47 . 2012-07-15 22:14 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\ArmA 2 OA
2012-07-14 22:02 . 2012-07-14 22:03 -------- d-----w- C:\FRST
2012-07-14 21:47 . 2012-07-14 21:47 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Locktime
2012-07-14 13:06 . 2012-07-14 13:06 -------- d-----w- c:\programdata\Locktime
2012-07-14 13:06 . 2012-07-14 13:06 -------- d-----w- c:\program files\NetLimiter 3
2012-07-14 13:00 . 2012-07-14 21:47 -------- d-----w- c:\program files (x86)\NetPeeker
2012-07-14 00:02 . 2012-07-14 00:10 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\Trine2
2012-07-13 23:15 . 2012-07-13 23:15 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\six-zsync
2012-07-13 21:43 . 2012-07-13 21:43 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-13 21:17 . 2012-07-13 21:17 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\fltk.org
2012-07-13 21:17 . 2012-07-13 21:17 -------- d-----w- c:\programdata\fltk.org
2012-07-12 22:54 . 2012-07-12 22:54 -------- d-----w- c:\programdata\TriDef 3D
2012-07-12 22:53 . 2012-07-12 22:54 -------- d-----w- c:\program files (x86)\TriDef 3D
2012-07-11 02:51 . 2012-07-11 02:51 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\fontconfig
2012-07-11 02:51 . 2012-07-11 02:54 -------- d-----w- c:\users\Bryan-SIZZLE\.gimp-2.8
2012-07-11 02:51 . 2012-07-11 02:51 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\gegl-0.2
2012-07-11 02:43 . 2012-07-11 02:43 -------- d-----w- c:\program files\GIMP 2
2012-07-10 19:56 . 2012-07-10 19:56 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\WebApp
2012-07-10 19:54 . 2012-07-10 20:35 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Cyberlink
2012-07-10 19:54 . 2012-07-10 19:54 -------- d-----w- c:\users\Public\CyberLink
2012-07-10 19:54 . 2012-07-10 19:54 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\CyberLink
2012-07-10 19:38 . 2012-07-10 19:38 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-07-10 19:30 . 2012-07-10 19:54 -------- d-----w- c:\programdata\CyberLink
2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files (x86)\CyberLink
2012-07-10 19:30 . 2012-07-10 19:27 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-07-10 19:20 . 2012-07-10 19:20 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Licenses
2012-07-10 18:53 . 2012-07-10 18:53 -------- d-----w- c:\programdata\DDD
2012-07-10 18:43 . 2012-07-10 18:43 -------- d-----w- C:\Swsetup
2012-07-08 20:33 . 2012-07-08 20:33 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\KodakGallery
2012-07-08 20:33 . 2012-07-08 20:33 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\Skinux
2012-07-08 20:33 . 2012-07-08 20:33 -------- d-----w- c:\program files (x86)\Kodak
2012-07-08 20:27 . 2012-07-09 18:56 -------- d-----w- c:\programdata\Kodak
2012-07-04 12:21 . 2012-07-04 12:21 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\dvdcss
2012-07-03 20:55 . 2012-07-03 20:55 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\BF68.tmp
2012-07-03 12:55 . 2012-07-03 12:55 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-07-02 13:24 . 2012-07-02 13:24 -------- d-----w- C:\$AVG
2012-07-01 17:49 . 2012-07-08 20:34 -------- d-----w- c:\programdata\NCH Software
2012-07-01 17:49 . 2012-07-01 17:50 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\NCH Software
2012-07-01 17:49 . 2012-07-01 17:49 -------- d-----w- c:\program files (x86)\NCH Software
2012-07-01 17:07 . 2012-07-01 17:07 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\Moyea
2012-07-01 16:01 . 2012-07-01 16:01 -------- d-----w- c:\windows\en
2012-07-01 15:59 . 2012-07-01 16:00 -------- d-----w- c:\program files (x86)\Windows Live
2012-07-01 15:58 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-01 15:58 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-01 15:58 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-07-01 15:58 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-07-01 15:58 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-07-01 15:58 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-07-01 15:58 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-01 15:58 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2012-07-01 15:58 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-07-01 15:58 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-07-01 15:58 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2012-07-01 15:57 . 2012-07-01 17:04 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Windows Live
2012-07-01 15:57 . 2012-07-01 15:57 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-07-01 14:10 . 2012-07-03 12:10 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-07-01 13:27 . 2012-07-01 13:27 -------- d-----w- c:\programdata\Innovative Solutions
2012-07-01 13:27 . 2012-07-01 13:27 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Local\Innovative Solutions
2012-07-01 13:27 . 2012-07-01 13:27 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2012-07-01 13:27 . 2009-11-05 17:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2012-06-27 13:44 . 2012-06-27 13:44 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\DivX
2012-06-20 12:05 . 2012-06-20 12:05 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 12:05 . 2012-06-20 12:05 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 19:01 . 2012-07-15 02:48 -------- d-----w- c:\users\Bryan-SIZZLE\AppData\Roaming\FileZilla
2012-06-18 19:01 . 2012-06-18 19:01 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 01:56 . 2012-05-17 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:56 . 2012-01-18 04:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 19:27 . 2003-03-19 00:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-07-10 19:27 . 2003-02-21 08:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-01 15:59 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-16 23:07 . 2012-05-16 23:07 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-16 23:07 . 2012-05-16 23:07 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_12.43.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-18 03:58 . 2012-07-15 18:18 76472 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 18:18 36050 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-18 03:51 . 2012-07-15 18:18 12282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088667709-536041987-3908315315-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-07-15 17:58 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-07-14 19:08 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-05-07 12:53 . 2012-07-15 21:20 61210 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2012-05-07 12:53 . 2012-07-15 01:31 61210 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2012-01-18 19:45 . 2012-07-15 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-18 19:45 . 2012-07-15 18:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-18 19:45 . 2012-07-15 18:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-18 19:45 . 2012-07-15 02:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 18:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-15 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-18 03:58 . 2012-07-15 12:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-18 03:58 . 2012-07-16 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-18 03:58 . 2012-07-15 12:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-18 03:58 . 2012-07-16 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-08 12:31 . 2012-04-08 12:31 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-07-15 19:44 . 2012-07-15 19:44 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-07-15 19:44 . 2012-07-15 19:44 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-08 12:31 . 2012-04-08 12:31 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-07-13 21:43 . 2012-07-13 21:43 49152 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\NewShortcut1_1877691BA9CA49978E7B7D10DB52D662.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 49152 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\NewShortcut1_1877691BA9CA49978E7B7D10DB52D662.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\ARPPRODUCTICON.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\ARPPRODUCTICON.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 65536 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_F24D46EE01144E2DBA672468128F58C7.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 65536 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_F24D46EE01144E2DBA672468128F58C7.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 65536 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_E0DD0822C009413E934D5F61B0EBABD5.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 65536 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_E0DD0822C009413E934D5F61B0EBABD5.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_7BFF68B9DEB04E10ABCC3BDF5305A517.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_7BFF68B9DEB04E10ABCC3BDF5305A517.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_735AD1EF58D64F7A94B7BE75AE8E09C5.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_735AD1EF58D64F7A94B7BE75AE8E09C5.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_1CD630E96E754A81A73AF1C814A3CE2A.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_1CD630E96E754A81A73AF1C814A3CE2A.exe
+ 2012-07-15 21:52 . 2012-07-15 21:52 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_18DAAE09378D4825B77D5AE983E563D0.exe
- 2012-07-13 21:43 . 2012-07-13 21:43 57344 c:\windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_18DAAE09378D4825B77D5AE983E563D0.exe
+ 2012-07-15 20:01 . 2012-07-15 20:01 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-01-18 04:05 . 2012-07-15 12:42 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-01-18 04:05 . 2012-07-15 17:59 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-15 18:16 . 2012-07-15 21:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 18:16 . 2012-07-15 21:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-15 12:43 . 2012-07-15 12:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-15 21:26 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-17 21:18 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-17 21:18 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-15 21:26 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-07-15 17:58 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-14 19:08 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:01 . 2012-07-15 17:59 583732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-15 12:42 583732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-08 12:31 . 2012-04-08 12:31 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-07-14 02:34 . 2012-07-15 19:53 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-07-15 01:41 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-15 19:44 . 2012-07-15 19:44 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 5145936 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 5145936 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 4960080 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 4960080 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 5174608 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 5174608 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-08 12:31 . 2012-04-08 12:31 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-07-15 19:44 . 2012-07-15 19:44 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-08 12:31 . 2012-04-08 12:31 2970968 c:\windows\assembly\temp\CB6F5WHLQF\System.Data.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-16 23:06 . 2012-05-16 23:06 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-15 20:01 . 2012-07-15 20:01 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-18 04:09 . 2012-07-15 17:59 24022541 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088667709-536041987-3908315315-1000-8192.dat
- 2012-01-18 04:09 . 2012-07-15 12:42 24022541 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088667709-536041987-3908315315-1000-8192.dat
+ 2012-07-15 21:51 . 2012-07-15 21:51 17066496 c:\windows\Installer\1c231e.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-01-18 1242448]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2012-03-04 232032]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2012-06-04 3029112]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Razer TRON Driver"="c:\program files (x86)\Razer\Razer TRON\RazerTRONSysTray.exe" [2010-11-16 956304]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"AVG_TRAY"="d:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
.
c:\users\Bryan-SIZZLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2012-2-3 350208]
SickBeard - Shortcut.lnk - d:\program files (x86)\Sickbeard\SickBeard-win32-alpha-build492\SickBeard.exe [2012-2-11 26112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2012-3-8 1169920]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/10 15:30;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ALSysIO;ALSysIO;c:\users\BRYAN-~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-02-08 12904]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-14 157184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-19 279616]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys [2010-09-21 43136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-02 258688]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Fishbowl\database\bin\fb_inet_server.exe [2010-09-17 5604864]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-09-17 16512]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [2011-03-29 1254464]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASFLTDRV.SYS
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 01:56]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1088667709-536041987-3908315315-1000Core.job
- c:\users\Bryan-SIZZLE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 18:18]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1088667709-536041987-3908315315-1000UA.job
- c:\users\Bryan-SIZZLE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 18:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Bryan-SIZZLE\AppData\Roaming\Mozilla\Firefox\Profiles\ytghfu1z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co...F-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye for A2 - d:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088667709-536041987-3908315315-1000\Software\SecuROM\License information*]
"datasecu"=hex:1e,2f,25,98,47,91,00,f7,66,1f,4f,75,9e,9b,0a,98,12,5d,21,cf,4b,
50,11,74,3c,d1,1a,e7,03,76,5e,c3,90,06,79,9f,b2,6a,d4,4e,6c,f7,ca,2d,4e,c5,\
"rkeysecu"=hex:0b,be,1e,05,ee,44,41,c1,8b,3e,23,e9,e9,e4,2f,0b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-16 09:19:53
ComboFix-quarantined-files.txt 2012-07-16 13:19
ComboFix2.txt 2012-07-15 12:45
.
Pre-Run: 11,423,797,248 bytes free
Post-Run: 11,464,912,896 bytes free
.
- - End Of File - - 10C41DAE09ABEC45E761B9412A0D12FA


I am still getting redirected by my browser in both Firefox and Chrome. I am getting redirected to this site: http://newsfudge.com/energy-policy/lets-call-them-hydrocarbon-deniers/

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 PM

Posted 16 July 2012 - 10:42 PM

Greetings


I want you to uninstall Firefox, and if asked about user data or settings, then remove that also.


Restart the computer and reinstall Firefox, and let me know if it is still redirecting.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 19 July 2012 - 12:19 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 callmeevo


Posted 20 July 2012 - 09:52 AM

Sorry - Missed that e-mail somehow.
I uninstalled/reinstalled Firefox. It does not appear to be redirecting anymore. I have no more visible signs of infection.

#11 gringo_pr


Posted 20 July 2012 - 09:56 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#12 callmeevo


Posted 20 July 2012 - 09:58 PM

µTorrent
7-Zip 9.22beta
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Advanced Uninstaller PRO - Version 11
AI Suite II
AIM 7
Alan Wake
Amnesia: The Dark Descent
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
Asmedia ASM104x USB 3.0 Host Controller Driver
Audiosurf
AutoHotkey 1.1.05.06
Baldur's Gate™ II - Shadows of Amn™
Bamboo
Bastion
Batman: Arkham Asylum GOTY Edition
Batman: Arkham City™
BattlEye for OA Uninstall
BattlEye Uninstall
Beat Hazard
BioShock 2
BIT.TRIP RUNNER
Borderlands
Braid
Breath of Death VII
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center InstallProxy
Classic Menu for Office Enterprise 2010
Cogs
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - EN
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
Crayon Physics Deluxe
Creation Kit
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
Darksiders
dBpoweramp Music Converter
Dead Island
Deus Ex Human Revolution Augmented Edition Bonus Content
Deus Ex: Human Revolution - The Missing Link
Diablo III
Diablo III Beta
DiRT 2
Disk Unlocker
DivX Setup
Dota 2
Download Updater (AOL LLC)
Dropbox
Dungeon Defenders
Eufloria
FileZilla Client 3.5.3
Fishbowl Inventory 2012.6
FLAC To MP3 V4.0.4
GmoteServer
Google Chrome
GoToMeeting 5.1.0.880
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP 3D Photo Samples
HP USB Disk Storage Format Tool
Intel® Management Engine Components
Intel® Watchdog Timer Driver (Intel® WDT)
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
JMicron JMB36X Driver
Kingdoms of Amalur Reckoning
League of Legends
LIMBO
LinuxLive USB Creator
LogMeIn Hamachi
Lone Survivor
Magic Online
Magicka
marvell 91xx driver
Mass Effect
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mixxx 1.10.0
Mobile Mouse Server
Monday Night Combat
Movica
Moyea FLV to Video Converter Pro 2 version 2.5.1.1757
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-US)
MSVCRT
Mumble 1.2.3
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Office Tab
ooVoo
OpenAL
OpenOffice.org 3.3
OpenPandora 0.7.0.6
Orcs Must Die!
Origin
Pando Media Booster
PAYDAY: The Heist
PDF Settings CS5
Peggle Deluxe
Peggle Nights
Pidgin
Plex
Plex Media Server
Portal
Prism Video File Converter
Puss In Boots 3D DEMO
QuickPar 0.9
Rainmeter
Rapture3D 2.3.26 Game
Rayman Origins
Razer Imperator
Razer Imperator Firmware Updater
Razer Lycosa
Razer Nostromo
Razer TRON
Realtek High Definition Audio Driver
Reason 5.0
Recettear: An Item Shop's Tale
Remote Mouse version 1.50
Revo Uninstaller 1.94
S.T.A.L.K.E.R.: Shadow of Chernobyl
SABnzbd 0.6.15
Saints Row 2
Saints Row: The Third
Sanctum
Sequence
Shank
Six Updater
SkyDrift Demo
Skype™ 5.5
SpeedFan (remove only)
Spellforce 2: Gold Edition
Spotify
Star Wars: The Old Republic
Steam
Super Meat Boy
Super MNC Invitational
Superbrothers: Sword & Sworcery EP
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Binding Of Isaac
The Chronicles of Riddick: Assault on Dark Athena
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Witcher: Enhanced Edition
Total War: SHOGUN 2
Tribes: Ascend
TriDef 3D 5.3
Trine
Trine 2
Two Worlds II
Unified Remote
Universe Sandbox
Uplink
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
Warcraft III
Warhammer® 40,000®: Dawn of War® II – Retribution™
Waves
WebTablet IE Plugin
WebTablet Netscape Plugin
WinDirStat 1.1.2
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.10 (32-bit)
Worms Reloaded
XSplit
XtremeTuner HD

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 PM

Posted 20 July 2012 - 11:00 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 22
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 callmeevo

callmeevo
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:00 PM

Posted 21 July 2012 - 07:41 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bryan-SIZZLE :: BRYAN-SIZZLE-PC [administrator]

7/21/2012 8:37:09 AM
mbam-log-2012-07-21 (08-37-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236889
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:38:36 AM, on 7/21/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Users\Bryan-SIZZLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
D:\Program Files (x86)\Sickbeard\SickBeard-win32-alpha-build492\SickBeard.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
D:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Bryan-SIZZLE\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKCU\..\Run: [DisplayFusion] "d:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bryan-SIZZLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-1088667709-536041987-3908315315-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1088667709-536041987-3908315315-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O4 - Startup: SickBeard - Shortcut.lnk = D:\Program Files (x86)\Sickbeard\SickBeard-win32-alpha-build492\SickBeard.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASDiskUnlocker - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2012/07/10 15:30:59 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Fishbowl\database\bin\fb_inet_server.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15616 bytes

No problems with execution, my computer appears to be fine now.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 PM

Posted 21 July 2012 - 10:20 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
      O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bryan-SIZZLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-21-1088667709-536041987-3908315315-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1088667709-536041987-3908315315-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Dropbox.lnk = C:\Users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
      O4 - Startup: SickBeard - Shortcut.lnk = D:\Program Files (x86)\Sickbeard\SickBeard-win32-alpha-build492\SickBeard.exe
      O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
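The O4 lines listed in the post above are HijackThis's autostart entries (registry Run keys and Startup-folder shortcuts). As an added example, not part of the thread and not HijackThis's own code, this Python script parses those O4 lines from a saved log and marks the ones whose executable sits in a user-writable directory; the list of path markers is an assumption of this example, a triage heuristic rather than a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: a subset of lines copied from the HijackThis v2.0.4 log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bryan-SIZZLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-1088667709-536041987-3908315315-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Bryan-SIZZLE\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""


class Autostart(NamedTuple):
    source: str           # "HKLM Run", "HKCU Run", "HKUS RunOnce", "Startup", "Global Startup"
    name: str             # value name in brackets, or the shortcut file name
    command: str          # full command line as logged
    image: str            # executable path extracted from the command line
    user: Optional[str]   # account name HijackThis appends for other users' hives


# Registry autostarts: O4 - <hive>\..\<Run key>: [<name>] <command>
REG_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# Startup-folder shortcuts: O4 - [Global ]Startup: <shortcut> = <target>
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
# Trailing "(User 'name')" marker on entries loaded from another account's hive
USER_RE = re.compile(r" \(User '([^']*)'\)$")
# Quoted path, or an unquoted path ending at the first executable extension
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|dll))(?=\s|$)', re.I)

# Assumption of this example: directories a standard user can normally write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\downloads\\", "\\temp\\",
                         "\\users\\public\\", "\\programdata\\")


def image_path(command: str) -> str:
    """Return the executable path from a logged command line, without arguments."""
    m = IMAGE_RE.match(command)
    if not m:
        return command
    return m.group(1) or m.group(2)


def parse_autostarts(log_text: str) -> List[Autostart]:
    """Extract every O4 entry from a HijackThis log; other sections are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        user = None
        m_user = USER_RE.search(line)
        if m_user:
            user = m_user.group(1)
            line = line[:m_user.start()]
        m = REG_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            source = f"{hive[:4]} {key}"
        else:
            m = LNK_RE.match(line)
            if not m:
                continue
            source, name, command = m.groups()
        entries.append(Autostart(source, name, command, image_path(command), user))
    return entries


def needs_review(entries: List[Autostart]) -> List[Autostart]:
    """Entries whose executable lives in a user-writable location."""
    return [e for e in entries
            if any(marker in e.image.lower() for marker in USER_WRITABLE_MARKERS)]


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    flagged = set(needs_review(found))
    for e in found:
        mark = "REVIEW" if e in flagged else "      "
        print(f"{mark}  {e.source:<15} {e.name:<26} {e.image}")
```

A flagged entry is a prompt to check the file, not a detection: Spotify and Dropbox in this log both run from AppData.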



