Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with get fast answer


  • This topic is locked This topic is locked
24 replies to this topic

#1 googly10194

googly10194

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 23 July 2012 - 02:44 PM

Hi,

Pasting in additional information from another post. ~ OB

I have run Malware anti bytes, but it is not reporting anything. I have active Mcafee antivirus running and nothing seems to be amiss.

Any help in solving the issue would be appreciated.

End of added information. ~ OB

I have windows 7 running ( 64 bit) and have Mcafee as antivirus running in the system.I am getting redirected while using google search using firefox.I didnot run gmer because I have a 64 bit system.

My dds log is as follows

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Pramod at 11:34:34 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.5429 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://lenovo.msn.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626004638.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Mozilla] rundll32.exe "C:\Users\Pramod\AppData\Local\SoftGrid Client\Mozilla\jakdsana.dll",CreateInstance
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Pramod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49}\2427967686474596765627D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49}\B4E45647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{472F9092-DB4B-4A22-B4D5-F02622BB2B6A} : DhcpNameServer = 10.36.40.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO-X64: XFINITY Toolbar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626004638.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBK755Filter;MOBK755Filter;C:\windows\system32\DRIVERS\MOBK755.sys --> C:\windows\system32\DRIVERS\MOBK755.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R1 winioex;winioex;C:\windows\system32\drivers\winioex.sys --> C:\windows\system32\drivers\winioex.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2010-1-8 285744]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-21 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-12 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-12 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-21 2009704]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-21 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\system32\DRIVERS\delayman.sys --> C:\windows\system32\DRIVERS\delayman.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\system32\Drivers\usbvideo.sys --> C:\windows\system32\Drivers\usbvideo.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2011/07/21 11:50:04;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2010-10-13 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-3 250056]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-12 16:30:19 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 21:25:23 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 21:25:22 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 21:25:22 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 21:25:02 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-02 02:34:58 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-02 02:34:58 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-29 23:27:19 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-29 23:27:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 07:46:37 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
.
==================== Find3M ====================
.
2012-07-11 18:45:13 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:45:13 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 11:40:18.74 ===============

Attached Files


Edited by Orange Blossom, 24 July 2012 - 12:25 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 AM

Posted 28 July 2012 - 02:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462117 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 28 July 2012 - 10:46 PM

Hi,
I am using windows 7 (64 bit) home version. I am getting redirected randomly when I search on google. After a couple of times I am able to go to a search result directly without being redirected.

I dont have the original Windows Cd/DVD.

I have the Mcafee Internet security enabled and firewall on .I have run Malware bytes and it comes out clean. I ran the DDS as per the instructions.I didnot run Gmer as I have 64 bit operating system.

I still need help with removing the malware.Thanks for the help.I really appreciate the good work that you all are doing.Attached File  Attach.txt   4.95KB   0 downloads

DDs log is below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Pramod at 20:24:07 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.6025 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://lenovo.msn.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626004638.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Mozilla] rundll32.exe "C:\Users\Pramod\AppData\Local\SoftGrid Client\Mozilla\jakdsana.dll",CreateInstance
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Pramod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49}\2427967686474596765627D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49}\B4E45647 : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO-X64: XFINITY Toolbar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626004638.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBK755Filter;MOBK755Filter;C:\windows\system32\DRIVERS\MOBK755.sys --> C:\windows\system32\DRIVERS\MOBK755.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R1 winioex;winioex;C:\windows\system32\drivers\winioex.sys --> C:\windows\system32\drivers\winioex.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-21 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-12 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-12 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-12 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-21 2009704]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-21 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\system32\DRIVERS\delayman.sys --> C:\windows\system32\DRIVERS\delayman.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\system32\Drivers\usbvideo.sys --> C:\windows\system32\Drivers\usbvideo.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2011/07/21 11:50:04;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2010-10-13 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-3 250056]
S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-25 15:26:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02455AFA-C979-4D3F-AD01-04D609227EEE}\offreg.dll
2012-07-24 20:31:36 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02455AFA-C979-4D3F-AD01-04D609227EEE}\mpengine.dll
2012-07-12 16:30:19 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 21:25:23 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 21:25:22 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 21:25:22 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 21:25:02 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-02 02:34:58 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-02 02:34:58 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-29 23:27:19 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-29 23:27:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-11 18:45:13 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:45:13 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
.
============= FINISH: 20:25:07.78 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 29 July 2012 - 01:54 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 29 July 2012 - 06:03 PM

Hi,
Thank you for the quick reply
I ran the combofix - First time it got stalled after it was trying to create a log, 2nd time it ran well.
My google search is still getting redirected.

My security check report is as follows

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
McAfee Online Backup MOBK755backup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


My combofix log file is as follows


ComboFix 12-07-29.02 - Pramod 07/29/2012 14:48:23.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.5955 [GMT -7:00]
Running from: c:\users\Pramod\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Pramod\AppData\Local\SoftGrid Client\Mozilla\jakdsana.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 21:58 . 2012-07-29 21:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-29 21:58 . 2012-07-29 21:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-29 21:58 . 2012-07-29 21:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-29 21:58 . 2012-07-29 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 21:58 . 2012-07-29 21:58 -------- d-----w- c:\users\Anu\AppData\Local\temp
2012-07-29 21:20 . 2012-07-29 21:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F907F6E-C187-4EDC-96C5-0F2B74AC1BB7}\offreg.dll
2012-07-29 21:15 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F907F6E-C187-4EDC-96C5-0F2B74AC1BB7}\mpengine.dll
2012-07-29 03:45 . 2012-07-29 03:45 9230024 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-12 16:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 21:25 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 21:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 21:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-02 02:34 . 2012-07-02 02:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-02 02:34 . 2012-07-02 02:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-29 23:27 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 23:27 . 2012-07-22 00:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 03:45 . 2012-06-03 19:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 03:45 . 2011-11-25 16:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 16:26 . 2011-12-05 20:10 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 16:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-12 17:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:28 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:28 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 17:28 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-17_08.20.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-18 04:41 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-11 21:24 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-11 21:24 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
- 2012-01-18 04:41 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-07-12 16:25 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-04-12 14:16 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-12 16:25 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-12 14:16 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-07-12 16:25 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-03-20 05:12 . 2012-03-20 05:12 25088 c:\windows\SysWOW64\igfxexps32.dll
+ 2012-03-20 06:25 . 2012-03-20 06:25 58880 c:\windows\SysWOW64\igdde32.dll
+ 2012-07-22 16:55 . 2012-07-22 16:55 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-05-17 07:41 . 2012-05-17 07:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2012-07-29 03:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-17 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-17 07:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 03:45 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 03:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-22 16:58 46432 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-22 16:58 38376 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-03-13 21:04 . 2012-01-25 06:38 77312 c:\windows\system32\rdpwsx.dll
+ 2012-06-12 17:28 . 2012-04-26 05:41 77312 c:\windows\system32\rdpwsx.dll
+ 2012-07-12 16:25 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
- 2012-04-12 14:16 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-07-12 16:25 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-04-12 14:16 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2012-07-12 16:25 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
+ 2011-07-21 11:09 . 2012-03-20 05:17 63488 c:\windows\system32\igfxsrvc.dll
- 2011-07-21 11:09 . 2011-03-26 00:39 28672 c:\windows\system32\igfxexps.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 28672 c:\windows\system32\igfxexps.dll
+ 2012-03-20 06:42 . 2012-03-20 06:42 90112 c:\windows\system32\igfxCoIn_v2696.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 79360 c:\windows\system32\igdde64.dll
+ 2012-06-12 07:15 . 2010-09-20 10:27 66040 c:\windows\system32\DRVSTORE\MOBK755_38A63B7A7693DA7A3CDCA52E7BE66B8A633256CE\MOBK755.sys
- 2009-07-14 05:30 . 2012-04-20 16:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-15 04:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-12 07:14 . 2012-02-22 20:29 75936 c:\windows\system32\DriverStore\FileRepository\mfenlfk.inf_amd64_neutral_acec8c424d80b3f4\mfenlfk.sys
+ 2012-03-20 05:09 . 2012-03-20 05:09 52736 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\OpenCL64.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 51200 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\OpenCL.dll
+ 2012-03-20 06:42 . 2012-03-20 06:42 90112 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igxpco64.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 63488 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxsrvc.dll
+ 2012-03-20 05:12 . 2012-03-20 05:12 25088 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxexps32.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 28672 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxexps.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 79360 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdde64.dll
+ 2012-03-20 06:25 . 2012-03-20 06:25 58880 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdde32.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 94208 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\IccLibDll_x64.dll
+ 2012-06-12 07:15 . 2010-09-20 10:27 66040 c:\windows\system32\drivers\MOBK755.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 75936 c:\windows\system32\drivers\mfenlfk.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 10248 c:\windows\system32\drivers\mfeclnk.sys
- 2012-01-18 04:41 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-07-11 21:24 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 65264 c:\windows\system32\drivers\cfwids.sys
+ 2011-11-24 13:52 . 2012-07-29 21:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-24 13:52 . 2012-05-15 22:47 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-24 13:52 . 2012-07-29 21:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-24 13:52 . 2012-05-15 22:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 22:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 21:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-23 19:32 99680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-05-11 16:25 . 2012-05-11 16:25 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-11 16:24 . 2012-05-11 16:24 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 15:08 . 2012-06-13 15:08 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 15:08 . 2012-06-13 15:08 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 11:55 . 2012-04-11 11:55 41472 c:\windows\Installer\719e1df.msi
+ 2012-07-13 15:13 . 2012-07-13 15:13 25600 c:\windows\Installer\4d4e946.msi
+ 2012-06-05 04:44 . 2012-06-05 04:44 10134 c:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
+ 2012-06-14 14:08 . 2012-06-14 14:08 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\fbca78795c4dd2a0df1fbc45cef56513\WindowsLiveWriter.ni.exe
+ 2012-06-13 15:33 . 2012-06-13 15:33 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e28f49dd1f5a60a11b6a2ea060cb6d86\WindowsLiveWriter.ni.exe
+ 2012-06-13 15:34 . 2012-06-13 15:34 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\9c64ecb6b01e37720f4c0bbce38b2aa9\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
+ 2012-06-05 04:44 . 2012-06-05 04:44 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.SessionManager\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.SessionManager.dll
+ 2012-06-05 04:44 . 2012-06-05 04:44 32312 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.ServiceFacade\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.ServiceFacade.dll
+ 2012-07-11 21:24 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
- 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2011-12-15 21:08 . 2012-07-12 16:46 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-26 16:50 . 2012-07-22 16:58 8842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2138236807-1451817511-1320269885-1001_UserData.bin
+ 2012-06-12 17:28 . 2012-04-26 05:34 9216 c:\windows\system32\rdrmemptylst.exe
- 2012-03-13 21:04 . 2012-01-25 06:33 9216 c:\windows\system32\rdrmemptylst.exe
+ 2012-07-11 21:24 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
- 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 9216 c:\windows\system32\IGFXDEVLib.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 9216 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\IGFXDEVLib.dll
+ 2012-07-22 16:56 . 2012-07-22 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 07:42 . 2012-05-17 07:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 07:42 . 2012-05-17 07:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-22 16:56 . 2012-07-22 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-12 16:25 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
- 2012-04-12 14:16 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-11 21:24 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
+ 2012-06-15 04:53 . 2011-03-31 03:40 644712 c:\windows\SysWOW64\NV\igdumd32.dll
- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-11 21:24 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-29 03:45 . 2012-07-29 03:45 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-29 03:45 . 2012-07-29 03:45 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
+ 2012-07-11 18:45 . 2012-07-11 18:45 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-06-03 19:38 . 2012-07-29 03:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-12 14:16 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-07-12 16:25 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 276248 c:\windows\SysWOW64\IntelCpHeciSvc.exe
+ 2012-03-20 05:09 . 2012-03-20 05:09 519680 c:\windows\SysWOW64\iglhsip32.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 177152 c:\windows\SysWOW64\iglhcp32.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 963912 c:\windows\SysWOW64\igkrng600.bin
+ 2012-03-20 05:11 . 2012-03-20 05:11 325120 c:\windows\SysWOW64\igfxdv32.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 237056 c:\windows\SysWOW64\igfxcmrt32.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 261208 c:\windows\SysWOW64\igfcg600m.bin
- 2011-12-05 20:44 . 2011-12-05 20:44 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-12 16:25 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-12 16:25 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
- 2012-04-12 14:16 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-12 17:28 . 2012-04-24 04:36 140288 c:\windows\SysWOW64\cryptsvc.dll
+ 2012-06-12 17:28 . 2012-04-24 04:36 103936 c:\windows\SysWOW64\cryptnet.dll
+ 2012-07-11 21:24 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 805376 c:\windows\SysWOW64\cdosys.dll
+ 2011-11-25 15:40 . 2012-07-29 20:57 291480 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-11-25 08:51 . 2012-07-29 05:21 305378 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-04-12 14:16 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
+ 2012-07-12 16:25 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
- 2012-01-18 04:41 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
+ 2012-07-11 21:24 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
- 2012-03-13 21:04 . 2012-01-25 06:38 149504 c:\windows\system32\rdpcorekmts.dll
+ 2012-06-12 17:28 . 2012-04-26 05:41 149504 c:\windows\system32\rdpcorekmts.dll
+ 2009-07-14 02:36 . 2012-07-29 21:01 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 21:01 106942 c:\windows\system32\perfc009.dat
+ 2012-07-11 21:24 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
+ 2012-06-12 06:12 . 2012-03-20 20:11 162192 c:\windows\system32\mfevtps.exe
+ 2012-07-29 03:45 . 2012-07-29 03:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-29 03:45 . 2012-07-29 03:45 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
+ 2012-07-11 18:45 . 2012-07-11 18:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_Plugin.exe
+ 2012-07-12 16:25 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
- 2012-04-12 14:16 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 524800 c:\windows\system32\iglhsip64.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 213504 c:\windows\system32\iglhcp64.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 963912 c:\windows\system32\igkrng600.bin
+ 2012-03-20 06:44 . 2012-03-20 06:44 170264 c:\windows\system32\igfxtray.exe
+ 2012-03-20 05:18 . 2012-03-20 05:18 410624 c:\windows\system32\igfxTMM.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 509720 c:\windows\system32\igfxsrvc.exe
+ 2012-03-20 05:18 . 2012-03-20 05:18 386560 c:\windows\system32\igfxpph.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 439064 c:\windows\system32\igfxpers.exe
+ 2012-03-20 06:44 . 2012-03-20 06:44 250136 c:\windows\system32\igfxext.exe
+ 2012-03-20 05:16 . 2012-03-20 05:16 142336 c:\windows\system32\igfxdo.dll
- 2011-07-21 11:09 . 2011-03-26 00:38 142336 c:\windows\system32\igfxdo.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 434688 c:\windows\system32\igfxdev.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 193024 c:\windows\system32\igfxcmrt64.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 261208 c:\windows\system32\igfcg600m.bin
+ 2012-07-12 16:25 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
- 2011-12-05 20:44 . 2011-12-05 20:44 173056 c:\windows\system32\ieUnatt.exe
- 2012-04-12 14:16 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
+ 2012-07-12 16:25 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 398616 c:\windows\system32\hkcmd.exe
+ 2011-07-21 11:09 . 2012-03-20 05:17 110592 c:\windows\system32\hccutils.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 172032 c:\windows\system32\gfxSrvc.dll
- 2009-07-14 04:45 . 2012-05-11 16:45 309352 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-07-12 16:47 309352 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-04-20 16:19 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-15 04:51 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-15 04:50 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-27 00:27 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-20 06:03 . 2012-03-20 06:03 236544 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\IntelOpenCL64.dll
+ 2012-03-20 06:00 . 2012-03-20 06:00 188416 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\IntelOpenCL32.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 276248 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\IntelCpHeciSvc.exe
+ 2012-03-20 05:09 . 2012-03-20 05:09 524800 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\iglhsip64.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 519680 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\iglhsip32.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 213504 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\iglhcp64.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 177152 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\iglhcp32.dll
+ 2012-03-20 06:37 . 2012-03-20 06:37 755188 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igkrng700.bin
+ 2012-03-20 06:31 . 2012-03-20 06:31 963912 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igkrng600.bin
+ 2012-03-20 06:44 . 2012-03-20 06:44 170264 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxtray.exe
+ 2012-03-20 05:18 . 2012-03-20 05:18 410624 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxTMM.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 509720 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxsrvc.exe
+ 2012-03-20 05:18 . 2012-03-20 05:18 386560 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxpph.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 439064 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxpers.exe
+ 2012-03-20 06:44 . 2012-03-20 06:44 250136 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxext.exe
+ 2012-03-20 05:11 . 2012-03-20 05:11 325120 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxdv32.dll
+ 2012-03-20 05:16 . 2012-03-20 05:16 142336 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxdo.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 434688 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxdev.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 193024 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxcmrt64.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 237056 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxcmrt32.dll
+ 2012-03-20 06:37 . 2012-03-20 06:37 561508 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfcg700m.bin
+ 2012-03-20 06:31 . 2012-03-20 06:31 261208 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfcg600m.bin
+ 2012-03-20 06:03 . 2012-03-20 06:03 591872 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdrcl64.dll
+ 2012-03-20 06:00 . 2012-03-20 06:00 518144 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdrcl32.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 145804 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igcompkrng600.bin
+ 2012-03-20 06:44 . 2012-03-20 06:44 398616 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\hkcmd.exe
+ 2012-03-20 05:17 . 2012-03-20 05:17 110592 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\hccutils.dll
+ 2012-03-20 05:17 . 2012-03-20 05:17 172032 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\gfxSrvc.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 184600 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\difx64.exe
+ 2012-06-12 17:28 . 2012-04-28 03:55 210944 c:\windows\system32\drivers\rdpwd.sys
- 2012-03-13 21:04 . 2012-02-17 04:58 210944 c:\windows\system32\drivers\rdpwd.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 289664 c:\windows\system32\drivers\mfewfpk.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 100912 c:\windows\system32\drivers\mferkdet.sys
+ 2012-02-22 20:29 . 2012-02-22 20:29 647208 c:\windows\system32\drivers\mfehidk.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 487296 c:\windows\system32\drivers\mfefirek.sys
+ 2012-06-12 07:14 . 2012-02-22 20:29 229528 c:\windows\system32\drivers\mfeavfk.sys
+ 2012-02-22 20:29 . 2012-02-22 20:29 160792 c:\windows\system32\drivers\mfeapfk.sys
+ 2012-07-11 21:24 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-11 21:24 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
+ 2012-03-20 06:44 . 2012-03-20 06:44 184600 c:\windows\system32\difx64.exe
+ 2012-06-12 17:28 . 2012-04-24 05:37 184320 c:\windows\system32\cryptsvc.dll
+ 2012-06-12 17:28 . 2012-04-24 05:37 140288 c:\windows\system32\cryptnet.dll
- 2009-07-14 05:01 . 2012-05-17 07:41 292324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-22 16:52 292324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-02 15:45 . 2012-06-07 03:14 809940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1004-8192.dat
- 2012-04-02 15:45 . 2012-04-26 22:32 809940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1004-8192.dat
+ 2012-04-21 18:03 . 2012-04-21 18:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
+ 2012-06-12 17:27 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
- 2012-04-12 05:04 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-04-21 18:03 . 2012-04-21 18:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-04-12 05:04 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-12 17:27 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 15:08 . 2012-06-13 15:08 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 15:08 . 2012-06-13 15:08 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-06-13 15:22 . 2012-06-13 15:22 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\88618d3ecf29f3fdeb504a7e8128d109\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-13 15:53 . 2012-06-13 15:53 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cb90e8f4f8a6b23eb9f56c7e2e866bcf\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\681410f842337dccc72eb059738c3ced\TaskScheduler.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\72b4992e45d232251a273a59eb3333d5\System.Web.Routing.ni.dll
+ 2012-06-13 15:56 . 2012-06-13 15:56 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e412dfbf1aa49bbe345a02a4d23104f5\System.Web.Entity.Design.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\815769f953ebe3f84439d522c97317b8\System.Web.DynamicData.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c8144ee08dccdac183527e53c86aa901\System.Web.Abstractions.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d5d612f7d372f500e3062e3814e79d75\System.Messaging.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\fbc02e9f5a14bb93082ebc88bc577413\System.Drawing.Design.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a88ca70ab9641b8236149bc5dd8d1564\System.Configuration.Install.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2f1bad2fb963482a02443d5e7fece2b6\napsnap.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\bb4947f0ecc925a7bcfd129b6eec8f9b\napinit.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\67240ddde494b9cc05cd732ccd099668\MMCFxCommon.ni.dll
+ 2012-06-13 15:55 . 2012-06-13 15:55 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-13 15:55 . 2012-06-13 15:55 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\803188573fb19785a94284e097c48a67\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 15:55 . 2012-06-13 15:55 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll
+ 2012-06-13 15:55 . 2012-06-13 15:55 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bc5df15ee827e248dd6f819874a85718\EventViewer.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe
+ 2012-06-13 15:33 . 2012-06-13 15:33 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\fb2db09fc3c7534c48e4ffb800b4eae4\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\5b4b71fd140484201d0e285a14cce17a\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f31a43c2747d5ff6c04f18b52a57830b\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e92c100773e1aa6e0094ac430b496ace\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e35141184454c11a98f333c5b7b5c4c3\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dff2b634dc4abb69418544d70f8bd394\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b21e4db57ba747a8f2fb795e9ecb0231\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac47170bea9a3515287134ce8c3dae4a\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8dc8e8c697ee5776dce89a4998aef032\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8adf64dec1f056a5c36720ac34045370\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8869a13f99fcb0fca2fa01c0be03867a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\882aeb909ff121fae01034b7e9627936\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8604cd9caea2cd396828eba3215297a3\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8437eb811a83c1d04c10c6d91abc606b\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6f110f192197df8fd4d84e270edf7825\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\45b3fc1acb59ae569e76fc4dd74f4203\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e388ec2100141e62e0f3cb81aa42ce0\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2bfd2895928710d7cf422c48b6e915d0\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1f656f3fa30308b12da809d7704a6984\WindowsLive.Writer.Api.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1af8e0bd9d63b6263bda26b9ffc1f053\WindowsLive.Writer.Api.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a45b8ccff844add171e378275d632b2\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0637303568c375a82402d3d8d76eb50a\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\c5d63c774d84fccad17b4215692d4f02\WindowsLive.Client.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\151ab6368a4a6dc8422e625bfe9adc4a\WindowsLive.Client.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-06-13 15:53 . 2012-06-13 15:53 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BB.tmp\TaskScheduler.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll
+ 2012-06-13 15:53 . 2012-06-13 15:53 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ac7909b6838589158fe3f6a8190018eb\TaskScheduler.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\c7f44adc1a0b2eb2b0636ee4a202419a\System.Web.Routing.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1d9398c255b8fdb9b9347e463d99a7e3\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ba3dd9383f752d46e80a33b769dda73d\System.Web.Entity.Design.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b026d4636999893a3c741f1f7e7ccdaf\System.Web.DynamicData.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\24547c0fc525c5e061bb1ae66b965469\System.Web.Abstractions.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\441f16bb7547cc6f2435d43e68002a47\System.ServiceProcess.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f9a982c40c3d777c1091e3801874acc9\System.Messaging.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\33582b127d761babf8c8cdfe4e43749a\System.Drawing.Design.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\acfafa161ea232928cb02b01c50acf1c\napsnap.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\717221d971aeead5d8956225c365ddff\napsnap.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c22cc9e6e124357491b5a38258973a01\napinit.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0abec246c5ca6ec4858bfd3ab84da0ec\napinit.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\8e2a9204e6166b8b27687560a17f62d9\MMCFxCommon.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\e901c3772777a59b870c0ff1a377f328\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 475648 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\064f94f282dacefe99ee6184ab2f4a1d\EventViewer.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe
- 2012-04-12 05:04 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-12 17:27 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-12 16:25 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-12 16:25 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-06-12 17:28 . 2012-04-07 11:26 2342400 c:\windows\SysWOW64\msi.dll
+ 2012-07-11 18:45 . 2012-07-11 18:45 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2012-07-11 18:45 . 2012-07-11 18:45 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
+ 2012-07-12 16:25 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 2321408 c:\windows\SysWOW64\igfxcmjit32.dll
+ 2012-03-20 06:26 . 2012-03-20 06:26 6120960 c:\windows\SysWOW64\igdumd32.dll
+ 2011-07-21 11:09 . 2012-03-20 06:11 7795200 c:\windows\SysWOW64\igd10umd32.dll
+ 2012-07-12 16:25 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-12 16:25 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-06-12 17:28 . 2012-04-24 04:36 1158656 c:\windows\SysWOW64\crypt32.dll
+ 2012-07-12 16:25 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
+ 2012-07-12 16:25 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-06-12 17:28 . 2012-04-07 12:31 3216384 c:\windows\system32\msi.dll
+ 2012-07-12 16:25 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
+ 2011-07-21 11:09 . 2012-03-20 05:16 9007616 c:\windows\system32\igfxress.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 2967040 c:\windows\system32\igfxcmjit64.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 8087040 c:\windows\system32\igdumd64.dll
+ 2011-07-21 11:09 . 2012-03-20 06:22 9605632 c:\windows\system32\igd10umd64.dll
+ 2012-07-12 16:25 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 5888792 c:\windows\system32\GfxUI.exe
+ 2012-03-20 05:16 . 2012-03-20 05:16 9007616 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxress.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 2967040 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxcmjit64.dll
+ 2012-03-20 05:09 . 2012-03-20 05:09 2321408 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igfxcmjit32.dll
+ 2012-03-20 06:31 . 2012-03-20 06:31 8087040 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdumd64.dll
+ 2012-03-20 06:26 . 2012-03-20 06:26 6120960 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdumd32.dll
+ 2012-03-20 06:03 . 2012-03-20 06:03 3749888 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdbcl64.dll
+ 2012-03-20 06:00 . 2012-03-20 06:00 2866688 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdbcl32.dll
+ 2012-03-20 06:22 . 2012-03-20 06:22 9605632 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igd10umd64.dll
+ 2012-03-20 06:11 . 2012-03-20 06:11 7795200 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igd10umd32.dll
+ 2012-03-20 06:44 . 2012-03-20 06:44 5888792 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\GfxUI.exe
+ 2012-06-12 17:28 . 2012-04-24 05:37 1462272 c:\windows\system32\crypt32.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 1133568 c:\windows\system32\cdosys.dll
+ 2012-07-11 21:24 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
+ 2009-07-14 04:45 . 2012-07-12 16:51 7294234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-11 16:48 7294234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-01-12 22:38 . 2012-05-16 15:29 4014069 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1001-4096.dat
+ 2012-01-12 22:38 . 2012-07-22 16:52 4014069 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1001-4096.dat
+ 2011-12-15 21:08 . 2012-06-13 15:25 1380083 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1001-12288.dat
+ 2012-03-15 20:17 . 2012-03-15 20:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-12 17:28 . 2012-03-21 22:30 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2012-05-11 04:40 . 2012-01-04 03:34 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-12 17:28 . 2012-03-21 22:30 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-03-15 20:17 . 2012-03-15 20:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-12 17:28 . 2012-03-21 22:32 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2012-05-11 04:40 . 2012-01-04 02:51 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-12 17:28 . 2012-03-21 22:32 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 16:25 . 2012-05-11 16:25 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-13 15:08 . 2012-06-13 15:08 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 15:08 . 2012-06-13 15:08 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 16:24 . 2012-05-11 16:24 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-23 05:46 . 2012-04-23 05:46 1187328 c:\windows\Installer\6d5f415.msp
+ 2012-03-15 21:26 . 2012-03-15 21:26 4212736 c:\windows\Installer\6d5f40b.msp
+ 2011-09-30 18:32 . 2011-09-30 18:32 3411456 c:\windows\Installer\6336fc0.msi
+ 2011-10-28 21:33 . 2011-10-28 21:33 1376768 c:\windows\Installer\6336fb9.msi
+ 2012-06-12 07:15 . 2012-06-12 07:15 1688064 c:\windows\Installer\27238.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2012-06-13 15:23 . 2012-06-13 15:23 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-06-13 15:23 . 2012-06-13 15:23 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-06-13 15:24 . 2012-06-13 15:24 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-06-13 15:23 . 2012-06-13 15:23 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-06-13 15:22 . 2012-06-13 15:22 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 15:22 . 2012-06-13 15:22 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\4435d0313c51c0e2d022384e24f7e280\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-13 15:53 . 2012-06-13 15:53 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\40e4b755f030a61f0b2e729258fc6d2a\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-13 15:53 . 2012-06-13 15:53 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\aa638ba79250284eb4af4adaa4a4117b\System.Workflow.Runtime.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\996dc2af3b9e5c111130935f298908c6\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\178797db84abae2eeaed835bd28ca52c\System.Workflow.Activities.ni.dll
+ 2012-06-14 13:14 . 2012-06-14 13:14 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\a32734087cd0db5607d5744ca63235d7\System.Web.Services.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 15:29 . 2012-06-13 15:29 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll
+ 2012-06-13 15:29 . 2012-06-13 15:29 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6e4e9b07f376d445df1718c0011fa99b\System.Deployment.ni.dll
+ 2012-06-13 15:29 . 2012-06-13 15:29 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll
+ 2012-06-14 13:14 . 2012-06-14 13:14 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\b91c32fab08ba62d8c7681cc596895be\PresentationUI.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\ac1ba76ed19d668ce53a74593f040453\Narrator.ni.exe
+ 2012-06-14 14:08 . 2012-06-14 14:08 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-13 15:55 . 2012-06-13 15:55 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-13 15:54 . 2012-06-13 15:54 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 14:07 . 2012-06-14 14:07 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e1d267c8420e728973781f7105a99a5d\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd8d08e3412c7b8ba14e1ac867affcd4\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-14 14:08 . 2012-06-14 14:08 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3ded9525743f5484dd86c7806ec5553\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb47137b3e002d82dc7c9f97eeec2c93\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7fb6e6b899319b5b480483fd5371e04b\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7605419cce72fcf91bb7dbc31ebbbca5\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\328780f2db847d458362c28dfcb62bcd\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\217dc6642fc09542fd7f7fc16d1bdc3b\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a23e8a64ca21224f2bea9ca3c3a5a005\System.WorkflowServices.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0efbc299207e35df9199ca98c7209051\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\12f7432045de0943f05f83ba21ae2795\System.Workflow.Activities.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\238c801e0bbe9ca6b49241e96c9002a0\System.Web.Mobile.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f21d509212c31d51f71b3f750052e9fb\System.Web.Extensions.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-13 15:27 . 2012-06-13 15:27 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-14 13:12 . 2012-06-14 13:12 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-13 15:27 . 2012-06-13 15:27 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\1f7ce0fa41c5f946666d03ff79cd4f7a\System.Deployment.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\81aacc474fa8eab0acc6e4be332c1bc7\PresentationUI.ni.dll
+ 2012-06-14 13:12 . 2012-06-14 13:12 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\5a1931b757da881a84c3a4a5477a7c20\Narrator.ni.exe
+ 2012-06-14 14:09 . 2012-06-14 14:09 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe
+ 2012-06-14 14:09 . 2012-06-14 14:09 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-13 15:34 . 2012-06-13 15:34 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\1c088fce4f92cbe43503d584fa51af1d\MMCEx.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\8706f5d47b38dac04d0cd230baee4c0d\MIGUIControls.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ca751192bea68826694e690f3a6b5481\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4edc9ecb13c33924ae73febac2d41b35\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\915ffe12bb261ba8ee009f379ba7d086\Microsoft.Ink.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\38ca1e4f14366981e2fb9ef6d977c966\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\121a206f90a50c110c3aa561aac4cab1\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 14:09 . 2012-06-14 14:09 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
+ 2012-06-13 15:33 . 2012-06-13 15:33 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\2ffc241a384334f2f12a89f318d3a82c\mcstore.ni.dll
- 2012-05-11 04:40 . 2012-01-04 02:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-12 17:28 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-12 17:28 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-07-11 21:24 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
+ 2012-07-12 16:25 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2012-03-20 05:21 . 2012-03-20 05:21 13212672 c:\windows\SysWOW64\ig4icd32.dll
+ 2009-07-14 02:34 . 2012-07-12 16:46 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-11 21:24 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll
- 2012-02-15 15:45 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
+ 2012-07-12 16:25 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
+ 2012-07-11 18:45 . 2012-07-11 18:45 12314312 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll
+ 2012-03-20 05:31 . 2012-03-20 05:31 18137088 c:\windows\system32\ig4icd64.dll
+ 2012-07-12 16:25 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
+ 2012-03-20 06:32 . 2012-03-20 06:32 14745600 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdkmd64.sys
+ 2012-03-20 05:55 . 2012-03-20 05:55 28992000 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdfcl64.dll
+ 2012-03-20 05:43 . 2012-03-20 05:43 23460864 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\igdfcl32.dll
+ 2012-03-20 05:33 . 2012-03-20 05:33 17226240 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\ig7icd64.dll
+ 2012-03-20 05:23 . 2012-03-20 05:23 13024256 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\ig7icd32.dll
+ 2012-03-20 05:31 . 2012-03-20 05:31 18137088 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\ig4icd64.dll
+ 2012-03-20 05:21 . 2012-03-20 05:21 13212672 c:\windows\system32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_2b61513fe1a7b941\ig4icd32.dll
+ 2012-03-20 06:32 . 2012-03-20 06:32 14745600 c:\windows\system32\drivers\igdkmd64.sys
+ 2011-12-05 20:13 . 2012-07-22 16:52 58381768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1001-8192.dat
+ 2012-05-19 15:11 . 2012-05-19 15:11 53217792 c:\windows\Installer\719e1e8.msp
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\1a337.msp
+ 2012-06-13 15:24 . 2012-06-13 15:24 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-06-13 15:23 . 2012-06-13 15:23 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-06-13 15:23 . 2012-06-13 15:23 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-06-13 15:09 . 2012-06-13 15:09 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 17383424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\dc5bb74eefdbf954cdfb70dd534d5564\System.Windows.Forms.ni.dll
+ 2012-06-14 13:14 . 2012-06-14 13:14 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll
+ 2012-06-14 13:15 . 2012-06-14 13:15 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll
+ 2012-06-13 15:29 . 2012-06-13 15:29 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-06-13 15:55 . 2012-06-13 15:55 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-06-14 13:12 . 2012-06-14 13:12 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-13 15:27 . 2012-06-13 15:27 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\bd50eea0424b0f1e4c8b3f5cd79494d1\System.Design.ni.dll
+ 2012-06-14 13:13 . 2012-06-14 13:13 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-13 15:28 . 2012-06-13 15:28 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-13 15:27 . 2012-06-13 15:27 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-25 75048]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-07-21 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\users\Pramod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_3A60B698;CyberLink Product - 2011/07/21 11:50;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2010-10-13 240112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-07-21 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-07-21 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-31 25960]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-07-21 13408]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 MOBK755Filter;MOBK755Filter;c:\windows\system32\DRIVERS\MOBK755.sys [2010-09-20 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [2011-07-21 15456]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 MOBK755backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-01 2009704]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-07-21 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [2011-07-21 20064]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-03-31 412712]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_3A60B698
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 03:45]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 11:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 11:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK755]
@="{f378ff85-8d0a-cbe6-4735-3a67760db6bb}"
[HKEY_CLASSES_ROOT\CLSID\{f378ff85-8d0a-cbe6-4735-3a67760db6bb}]
2010-09-20 10:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7552]
@="{8406002f-3c7e-565d-de02-414c2856a50b}"
[HKEY_CLASSES_ROOT\CLSID\{8406002f-3c7e-565d-de02-414c2856a50b}]
2010-09-20 10:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7553]
@="{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}"
[HKEY_CLASSES_ROOT\CLSID\{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}]
2010-09-20 10:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-07-21 11:56 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-07-21 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-07-21 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-07-21 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-07-21 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-29 15:29:05
ComboFix-quarantined-files.txt 2012-07-29 22:28
ComboFix2.txt 2012-05-18 06:01
ComboFix3.txt 2012-05-17 08:22
.
Pre-Run: 463,166,554,112 bytes free
Post-Run: 462,859,214,848 bytes free
.
- - End Of File - - A6341C0F453F7983AAA2FA573BA9BCC6

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 29 July 2012 - 08:29 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 29 July 2012 - 10:13 PM

Hi,
Thank you for your prompt reply.

I ran the TDSSKiller and aswMBR.exe as asked by you.

The logs are as follows

TDSSKiller log

19:55:14.0603 8776 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:55:15.0704 8776 ============================================================
19:55:15.0704 8776 Current date / time: 2012/07/29 19:55:15.0704
19:55:15.0704 8776 SystemInfo:
19:55:15.0704 8776
19:55:15.0704 8776 OS Version: 6.1.7601 ServicePack: 1.0
19:55:15.0704 8776 Product type: Workstation
19:55:15.0705 8776 ComputerName: PLUTO
19:55:15.0705 8776 UserName: Pramod
19:55:15.0705 8776 Windows directory: C:\windows
19:55:15.0705 8776 System windows directory: C:\windows
19:55:15.0705 8776 Running under WOW64
19:55:15.0705 8776 Processor architecture: Intel x64
19:55:15.0705 8776 Number of processors: 8
19:55:15.0705 8776 Page size: 0x1000
19:55:15.0705 8776 Boot type: Normal boot
19:55:15.0705 8776 ============================================================
19:55:16.0226 8776 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:16.0231 8776 ============================================================
19:55:16.0231 8776 \Device\Harddisk0\DR0:
19:55:16.0232 8776 MBR partitions:
19:55:16.0232 8776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:55:16.0232 8776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
19:55:16.0270 8776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
19:55:16.0270 8776 ============================================================
19:55:16.0349 8776 C: <-> \Device\Harddisk0\DR0\Partition1
19:55:16.0458 8776 D: <-> \Device\Harddisk0\DR0\Partition2
19:55:16.0458 8776 ============================================================
19:55:16.0458 8776 Initialize success
19:55:16.0459 8776 ============================================================
19:55:20.0409 4988 ============================================================
19:55:20.0409 4988 Scan started
19:55:20.0409 4988 Mode: Manual;
19:55:20.0409 4988 ============================================================
19:55:21.0509 4988 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:55:21.0589 4988 1394ohci - ok
19:55:21.0672 4988 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:55:21.0699 4988 ACPI - ok
19:55:21.0736 4988 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:55:21.0797 4988 AcpiPmi - ok
19:55:21.0837 4988 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
19:55:21.0871 4988 ACPIVPC - ok
19:55:21.0980 4988 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:55:21.0982 4988 AdobeARMservice - ok
19:55:22.0145 4988 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:22.0150 4988 AdobeFlashPlayerUpdateSvc - ok
19:55:22.0226 4988 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
19:55:22.0259 4988 adp94xx - ok
19:55:22.0324 4988 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
19:55:22.0344 4988 adpahci - ok
19:55:22.0379 4988 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
19:55:22.0420 4988 adpu320 - ok
19:55:22.0470 4988 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
19:55:22.0473 4988 AeLookupSvc - ok
19:55:22.0574 4988 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
19:55:22.0591 4988 AFD - ok
19:55:22.0638 4988 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:55:22.0647 4988 agp440 - ok
19:55:22.0672 4988 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
19:55:22.0674 4988 ALG - ok
19:55:22.0700 4988 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:55:22.0706 4988 aliide - ok
19:55:22.0716 4988 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:55:22.0720 4988 amdide - ok
19:55:22.0748 4988 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
19:55:22.0754 4988 AmdK8 - ok
19:55:22.0783 4988 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
19:55:22.0788 4988 AmdPPM - ok
19:55:22.0844 4988 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:55:22.0920 4988 amdsata - ok
19:55:22.0939 4988 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
19:55:22.0945 4988 amdsbs - ok
19:55:22.0959 4988 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:55:22.0995 4988 amdxata - ok
19:55:23.0126 4988 AntiSpywareService (f9dac844b1d370da4c984d4c22f5e696) C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
19:55:23.0136 4988 AntiSpywareService - ok
19:55:23.0193 4988 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:55:23.0196 4988 AppID - ok
19:55:23.0224 4988 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
19:55:23.0227 4988 AppIDSvc - ok
19:55:23.0245 4988 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
19:55:23.0247 4988 Appinfo - ok
19:55:23.0303 4988 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
19:55:23.0308 4988 arc - ok
19:55:23.0322 4988 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
19:55:23.0331 4988 arcsas - ok
19:55:23.0351 4988 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:55:23.0353 4988 AsyncMac - ok
19:55:23.0380 4988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:55:23.0384 4988 atapi - ok
19:55:23.0491 4988 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:55:23.0504 4988 AudioEndpointBuilder - ok
19:55:23.0515 4988 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:55:23.0523 4988 AudioSrv - ok
19:55:23.0582 4988 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
19:55:23.0586 4988 AxInstSV - ok
19:55:23.0658 4988 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
19:55:23.0688 4988 b06bdrv - ok
19:55:23.0728 4988 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:55:23.0748 4988 b57nd60a - ok
19:55:23.0810 4988 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
19:55:23.0833 4988 BDESVC - ok
19:55:23.0876 4988 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:55:23.0879 4988 Beep - ok
19:55:23.0973 4988 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
19:55:23.0988 4988 BFE - ok
19:55:24.0100 4988 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
19:55:24.0121 4988 BITS - ok
19:55:24.0197 4988 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:55:24.0210 4988 blbdrive - ok
19:55:24.0249 4988 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:55:24.0253 4988 bowser - ok
19:55:24.0293 4988 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
19:55:24.0357 4988 BPntDrv - ok
19:55:24.0390 4988 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
19:55:24.0395 4988 BrFiltLo - ok
19:55:24.0405 4988 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
19:55:24.0409 4988 BrFiltUp - ok
19:55:24.0460 4988 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
19:55:24.0484 4988 BridgeMP - ok
19:55:24.0541 4988 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
19:55:24.0547 4988 Browser - ok
19:55:24.0578 4988 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:55:24.0597 4988 Brserid - ok
19:55:24.0619 4988 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:55:24.0626 4988 BrSerWdm - ok
19:55:24.0643 4988 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:55:24.0648 4988 BrUsbMdm - ok
19:55:24.0662 4988 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:55:24.0666 4988 BrUsbSer - ok
19:55:24.0718 4988 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
19:55:24.0726 4988 BthEnum - ok
19:55:24.0757 4988 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
19:55:24.0763 4988 BTHMODEM - ok
19:55:24.0802 4988 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
19:55:24.0806 4988 BthPan - ok
19:55:24.0912 4988 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
19:55:24.0964 4988 BTHPORT - ok
19:55:25.0003 4988 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
19:55:25.0008 4988 bthserv - ok
19:55:25.0029 4988 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
19:55:25.0077 4988 BTHUSB - ok
19:55:25.0155 4988 BTWAMPFL (9de56fa4533e485ae5409d3c11747143) C:\windows\system32\DRIVERS\btwampfl.sys
19:55:25.0162 4988 BTWAMPFL - ok
19:55:25.0205 4988 btwaudio (f6135859a582a7294ba7a3336e08baa1) C:\windows\system32\drivers\btwaudio.sys
19:55:25.0258 4988 btwaudio - ok
19:55:25.0283 4988 btwavdt (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys
19:55:25.0284 4988 btwavdt - ok
19:55:25.0429 4988 btwdins (7987fffda812abc69047d1b029d446a2) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
19:55:25.0444 4988 btwdins - ok
19:55:25.0468 4988 btwl2cap (e8d2bcd080ea91e74775b9f5ea051f97) C:\windows\system32\DRIVERS\btwl2cap.sys
19:55:25.0469 4988 btwl2cap - ok
19:55:25.0498 4988 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys
19:55:25.0500 4988 btwrchid - ok
19:55:25.0583 4988 catchme - ok
19:55:25.0625 4988 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:55:25.0648 4988 cdfs - ok
19:55:25.0704 4988 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
19:55:25.0775 4988 cdrom - ok
19:55:25.0819 4988 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:55:25.0822 4988 CertPropSvc - ok
19:55:25.0877 4988 cfwids (274ce03459896006f7a5069266e0469e) C:\windows\system32\drivers\cfwids.sys
19:55:25.0941 4988 cfwids - ok
19:55:25.0969 4988 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
19:55:25.0972 4988 circlass - ok
19:55:26.0028 4988 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:55:26.0037 4988 CLFS - ok
19:55:26.0168 4988 CLKMSVC10_3A60B698 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe
19:55:26.0181 4988 CLKMSVC10_3A60B698 - ok
19:55:26.0264 4988 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:26.0267 4988 clr_optimization_v2.0.50727_32 - ok
19:55:26.0322 4988 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:55:26.0326 4988 clr_optimization_v2.0.50727_64 - ok
19:55:26.0447 4988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:55:26.0468 4988 clr_optimization_v4.0.30319_32 - ok
19:55:26.0513 4988 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:55:26.0523 4988 clr_optimization_v4.0.30319_64 - ok
19:55:26.0680 4988 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
19:55:26.0744 4988 clwvd - ok
19:55:26.0771 4988 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:55:26.0780 4988 CmBatt - ok
19:55:26.0793 4988 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:55:26.0800 4988 cmdide - ok
19:55:26.0893 4988 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
19:55:26.0911 4988 CNG - ok
19:55:26.0951 4988 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
19:55:26.0962 4988 Compbatt - ok
19:55:26.0976 4988 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
19:55:27.0028 4988 CompositeBus - ok
19:55:27.0041 4988 COMSysApp - ok
19:55:27.0191 4988 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\windows\SysWow64\IntelCpHeciSvc.exe
19:55:27.0202 4988 cphs - ok
19:55:27.0220 4988 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
19:55:27.0226 4988 crcdisk - ok
19:55:27.0311 4988 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
19:55:27.0364 4988 CryptSvc - ok
19:55:27.0537 4988 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:55:27.0550 4988 cvhsvc - ok
19:55:27.0648 4988 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:55:27.0662 4988 DcomLaunch - ok
19:55:27.0724 4988 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:55:27.0745 4988 defragsvc - ok
19:55:27.0827 4988 DelayMan (ffd82c1c4abb5b0859eb081664dbda11) C:\windows\system32\DRIVERS\delayman.sys
19:55:27.0829 4988 DelayMan - ok
19:55:27.0872 4988 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:55:27.0876 4988 DfsC - ok
19:55:27.0927 4988 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
19:55:27.0934 4988 Dhcp - ok
19:55:27.0974 4988 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:55:27.0977 4988 discache - ok
19:55:28.0015 4988 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
19:55:28.0025 4988 Disk - ok
19:55:28.0124 4988 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
19:55:28.0131 4988 Dnscache - ok
19:55:28.0257 4988 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
19:55:28.0283 4988 dot3svc - ok
19:55:28.0379 4988 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
19:55:28.0401 4988 Dot4 - ok
19:55:28.0474 4988 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys
19:55:28.0539 4988 Dot4Print - ok
19:55:28.0576 4988 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
19:55:28.0586 4988 dot4usb - ok
19:55:28.0636 4988 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
19:55:28.0666 4988 DPS - ok
19:55:28.0727 4988 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:55:28.0739 4988 drmkaud - ok
19:55:28.0845 4988 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:55:28.0865 4988 DXGKrnl - ok
19:55:28.0916 4988 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:55:28.0921 4988 EapHost - ok
19:55:29.0233 4988 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
19:55:29.0313 4988 ebdrv - ok
19:55:29.0471 4988 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
19:55:29.0475 4988 EFS - ok
19:55:29.0578 4988 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
19:55:29.0601 4988 ehRecvr - ok
19:55:29.0630 4988 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:55:29.0635 4988 ehSched - ok
19:55:29.0755 4988 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
19:55:29.0797 4988 elxstor - ok
19:55:29.0818 4988 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:55:29.0826 4988 ErrDev - ok
19:55:29.0916 4988 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:55:29.0924 4988 EventSystem - ok
19:55:30.0178 4988 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:55:30.0194 4988 EvtEng - ok
19:55:30.0379 4988 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:55:30.0395 4988 exfat - ok
19:55:30.0428 4988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:55:30.0445 4988 fastfat - ok
19:55:30.0539 4988 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
19:55:30.0560 4988 Fax - ok
19:55:30.0616 4988 fbfmon (0bdd7984db7aaff6dfefd11d82d473db) C:\windows\system32\drivers\fbfmon.sys
19:55:30.0692 4988 fbfmon - ok
19:55:30.0727 4988 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
19:55:30.0731 4988 fdc - ok
19:55:30.0769 4988 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:55:30.0773 4988 fdPHost - ok
19:55:30.0806 4988 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:55:30.0810 4988 FDResPub - ok
19:55:30.0855 4988 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:55:30.0858 4988 FileInfo - ok
19:55:30.0877 4988 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:55:30.0880 4988 Filetrace - ok
19:55:30.0904 4988 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
19:55:30.0910 4988 flpydisk - ok
19:55:30.0954 4988 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:55:30.0962 4988 FltMgr - ok
19:55:31.0104 4988 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
19:55:31.0123 4988 FontCache - ok
19:55:31.0188 4988 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:31.0191 4988 FontCache3.0.0.0 - ok
19:55:31.0238 4988 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:55:31.0241 4988 FsDepends - ok
19:55:31.0294 4988 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
19:55:31.0297 4988 Fs_Rec - ok
19:55:31.0347 4988 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:55:31.0360 4988 fvevol - ok
19:55:31.0400 4988 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
19:55:31.0411 4988 gagp30kx - ok
19:55:31.0529 4988 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
19:55:31.0544 4988 gpsvc - ok
19:55:31.0649 4988 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:31.0652 4988 gupdate - ok
19:55:31.0659 4988 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:31.0662 4988 gupdatem - ok
19:55:31.0700 4988 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:55:31.0716 4988 gusvc - ok
19:55:31.0751 4988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:55:31.0758 4988 hcw85cir - ok
19:55:31.0817 4988 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:55:31.0889 4988 HdAudAddService - ok
19:55:31.0934 4988 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
19:55:31.0958 4988 HDAudBus - ok
19:55:31.0979 4988 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
19:55:31.0984 4988 HidBatt - ok
19:55:32.0015 4988 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
19:55:32.0044 4988 HidBth - ok
19:55:32.0084 4988 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
19:55:32.0092 4988 HidIr - ok
19:55:32.0129 4988 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
19:55:32.0132 4988 hidserv - ok
19:55:32.0166 4988 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
19:55:32.0221 4988 HidUsb - ok
19:55:32.0243 4988 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:55:32.0245 4988 hkmsvc - ok
19:55:32.0277 4988 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:55:32.0280 4988 HomeGroupListener - ok
19:55:32.0327 4988 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:55:32.0335 4988 HomeGroupProvider - ok
19:55:32.0534 4988 hpqcxs08 (08457d8f8149757c70cea59c71ec5d27) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:55:32.0540 4988 hpqcxs08 - ok
19:55:32.0573 4988 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:55:32.0575 4988 hpqddsvc - ok
19:55:32.0614 4988 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:55:32.0673 4988 HpSAMD - ok
19:55:32.0789 4988 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:55:32.0806 4988 HTTP - ok
19:55:32.0826 4988 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:55:32.0828 4988 hwpolicy - ok
19:55:32.0879 4988 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:55:32.0912 4988 i8042prt - ok
19:55:32.0998 4988 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
19:55:33.0005 4988 iaStor - ok
19:55:33.0090 4988 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:55:33.0093 4988 IAStorDataMgrSvc - ok
19:55:33.0178 4988 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:55:33.0260 4988 iaStorV - ok
19:55:33.0418 4988 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:55:33.0445 4988 idsvc - ok
19:55:34.0356 4988 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\windows\system32\DRIVERS\igdkmd64.sys
19:55:34.0731 4988 igfx - ok
19:55:34.0909 4988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
19:55:34.0921 4988 iirsp - ok
19:55:35.0027 4988 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:55:35.0044 4988 IKEEXT - ok
19:55:35.0318 4988 IntcAzAudAddService (1ce438b31551746ab450d8ffa403bdb5) C:\windows\system32\drivers\RTKVHD64.sys
19:55:35.0547 4988 IntcAzAudAddService - ok
19:55:35.0745 4988 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
19:55:35.0819 4988 IntcDAud - ok
19:55:35.0848 4988 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:55:35.0851 4988 intelide - ok
19:55:35.0884 4988 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:55:35.0888 4988 intelppm - ok
19:55:35.0941 4988 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:55:35.0965 4988 IPBusEnum - ok
19:55:35.0990 4988 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:55:35.0993 4988 IpFilterDriver - ok
19:55:36.0074 4988 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
19:55:36.0088 4988 iphlpsvc - ok
19:55:36.0117 4988 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:55:36.0172 4988 IPMIDRV - ok
19:55:36.0197 4988 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:55:36.0218 4988 IPNAT - ok
19:55:36.0250 4988 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:55:36.0253 4988 IRENUM - ok
19:55:36.0280 4988 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:55:36.0286 4988 isapnp - ok
19:55:36.0325 4988 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:55:36.0390 4988 iScsiPrt - ok
19:55:36.0495 4988 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
19:55:36.0501 4988 ITMRTSVC - ok
19:55:36.0576 4988 JMCR (e56417c56b6a7316b6f527c890a1860d) C:\windows\system32\DRIVERS\jmcr.sys
19:55:36.0641 4988 JMCR - ok
19:55:36.0720 4988 k57nd60a (376bc8e5f4a0ea0f0f16818bb1a95d4b) C:\windows\system32\DRIVERS\k57nd60a.sys
19:55:36.0794 4988 k57nd60a - ok
19:55:36.0815 4988 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:55:36.0820 4988 kbdclass - ok
19:55:36.0853 4988 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:55:36.0904 4988 kbdhid - ok
19:55:36.0959 4988 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:55:36.0963 4988 KeyIso - ok
19:55:37.0016 4988 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
19:55:37.0040 4988 KSecDD - ok
19:55:37.0075 4988 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
19:55:37.0083 4988 KSecPkg - ok
19:55:37.0102 4988 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:55:37.0104 4988 ksthunk - ok
19:55:37.0170 4988 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:55:37.0208 4988 KtmRm - ok
19:55:37.0271 4988 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
19:55:37.0276 4988 LanmanServer - ok
19:55:37.0323 4988 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:55:37.0327 4988 LanmanWorkstation - ok
19:55:37.0377 4988 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
19:55:37.0439 4988 LHDmgr - ok
19:55:37.0465 4988 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:55:37.0467 4988 lltdio - ok
19:55:37.0519 4988 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:55:37.0539 4988 lltdsvc - ok
19:55:37.0570 4988 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:55:37.0575 4988 lmhosts - ok
19:55:37.0699 4988 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:55:37.0706 4988 LMS - ok
19:55:37.0750 4988 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
19:55:37.0778 4988 LSI_FC - ok
19:55:37.0815 4988 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
19:55:37.0841 4988 LSI_SAS - ok
19:55:37.0868 4988 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
19:55:37.0875 4988 LSI_SAS2 - ok
19:55:37.0892 4988 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
19:55:37.0902 4988 LSI_SCSI - ok
19:55:37.0933 4988 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:55:37.0956 4988 luafv - ok
19:55:38.0123 4988 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:38.0127 4988 McAfee SiteAdvisor Service - ok
19:55:38.0133 4988 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:38.0136 4988 McMPFSvc - ok
19:55:38.0143 4988 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:38.0146 4988 mcmscsvc - ok
19:55:38.0165 4988 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:38.0169 4988 McNaiAnn - ok
19:55:38.0188 4988 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:38.0190 4988 McNASvc - ok
19:55:38.0347 4988 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
19:55:38.0354 4988 McODS - ok
19:55:38.0360 4988 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:38.0363 4988 McProxy - ok
19:55:38.0408 4988 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:55:38.0412 4988 McShield - ok
19:55:38.0451 4988 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:55:38.0456 4988 Mcx2Svc - ok
19:55:38.0484 4988 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
19:55:38.0497 4988 megasas - ok
19:55:38.0561 4988 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
19:55:38.0593 4988 MegaSR - ok
19:55:38.0624 4988 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
19:55:38.0687 4988 MEIx64 - ok
19:55:38.0753 4988 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
19:55:38.0760 4988 mfeapfk - ok
19:55:38.0830 4988 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
19:55:38.0887 4988 mfeavfk - ok
19:55:38.0916 4988 mfeavfk01 - ok
19:55:38.0959 4988 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:55:38.0964 4988 mfefire - ok
19:55:39.0022 4988 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
19:55:39.0092 4988 mfefirek - ok
19:55:39.0170 4988 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
19:55:39.0272 4988 mfehidk - ok
19:55:39.0321 4988 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
19:55:39.0378 4988 mfenlfk - ok
19:55:39.0402 4988 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
19:55:39.0404 4988 mferkdet - ok
19:55:39.0464 4988 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\windows\system32\mfevtps.exe
19:55:39.0470 4988 mfevtp - ok
19:55:39.0531 4988 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
19:55:39.0613 4988 mfewfpk - ok
19:55:39.0646 4988 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:55:39.0651 4988 MMCSS - ok
19:55:39.0803 4988 MOBK755backup (41584afcb3f530acb6a92152f281e1b0) C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
19:55:39.0808 4988 MOBK755backup - ok
19:55:39.0827 4988 MOBK755Filter (3c69aa906ee867ade4437acd8460b43d) C:\windows\system32\DRIVERS\MOBK755.sys
19:55:39.0883 4988 MOBK755Filter - ok
19:55:39.0908 4988 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:55:39.0909 4988 Modem - ok
19:55:39.0944 4988 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:55:39.0947 4988 monitor - ok
19:55:39.0972 4988 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:55:39.0981 4988 mouclass - ok
19:55:40.0004 4988 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
19:55:40.0012 4988 mouhid - ok
19:55:40.0056 4988 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:55:40.0080 4988 mountmgr - ok
19:55:40.0158 4988 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:55:40.0181 4988 MozillaMaintenance - ok
19:55:40.0224 4988 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:55:40.0295 4988 mpio - ok
19:55:40.0319 4988 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:55:40.0321 4988 mpsdrv - ok
19:55:40.0421 4988 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:55:40.0446 4988 MpsSvc - ok
19:55:40.0478 4988 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:55:40.0486 4988 MRxDAV - ok
19:55:40.0540 4988 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:55:40.0616 4988 mrxsmb - ok
19:55:40.0663 4988 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:55:40.0682 4988 mrxsmb10 - ok
19:55:40.0710 4988 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:55:40.0732 4988 mrxsmb20 - ok
19:55:40.0766 4988 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:55:40.0832 4988 msahci - ok
19:55:40.0846 4988 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:55:40.0888 4988 msdsm - ok
19:55:40.0933 4988 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:55:40.0953 4988 MSDTC - ok
19:55:40.0975 4988 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:55:40.0977 4988 Msfs - ok
19:55:40.0994 4988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:55:40.0996 4988 mshidkmdf - ok
19:55:41.0006 4988 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:55:41.0011 4988 msisadrv - ok
19:55:41.0075 4988 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:55:41.0094 4988 MSiSCSI - ok
19:55:41.0101 4988 msiserver - ok
19:55:41.0246 4988 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:41.0251 4988 MSK80Service - ok
19:55:41.0309 4988 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:55:41.0311 4988 MSKSSRV - ok
19:55:41.0333 4988 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:55:41.0335 4988 MSPCLOCK - ok
19:55:41.0356 4988 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:55:41.0358 4988 MSPQM - ok
19:55:41.0423 4988 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:55:41.0443 4988 MsRPC - ok
19:55:41.0493 4988 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:55:41.0496 4988 mssmbios - ok
19:55:41.0517 4988 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:55:41.0520 4988 MSTEE - ok
19:55:41.0536 4988 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
19:55:41.0544 4988 MTConfig - ok
19:55:41.0567 4988 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:55:41.0570 4988 Mup - ok
19:55:41.0659 4988 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:55:41.0683 4988 MyWiFiDHCPDNS - ok
19:55:41.0760 4988 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:55:41.0774 4988 napagent - ok
19:55:41.0843 4988 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:55:41.0860 4988 NativeWifiP - ok
19:55:41.0996 4988 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
19:55:42.0013 4988 NDIS - ok
19:55:42.0039 4988 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:55:42.0041 4988 NdisCap - ok
19:55:42.0072 4988 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:55:42.0074 4988 NdisTapi - ok
19:55:42.0092 4988 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:55:42.0094 4988 Ndisuio - ok
19:55:42.0125 4988 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:55:42.0134 4988 NdisWan - ok
19:55:42.0154 4988 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:55:42.0157 4988 NDProxy - ok
19:55:42.0224 4988 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
19:55:42.0299 4988 Net Driver HPZ12 - ok
19:55:42.0326 4988 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:55:42.0328 4988 NetBIOS - ok
19:55:42.0371 4988 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:55:42.0383 4988 NetBT - ok
19:55:42.0436 4988 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:55:42.0440 4988 Netlogon - ok
19:55:42.0502 4988 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:55:42.0520 4988 Netman - ok
19:55:42.0587 4988 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:55:42.0597 4988 netprofm - ok
19:55:42.0671 4988 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:42.0674 4988 NetTcpPortSharing - ok
19:55:43.0245 4988 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys
19:55:43.0510 4988 NETwNs64 - ok
19:55:43.0683 4988 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:55:43.0691 4988 nfrd960 - ok
19:55:43.0757 4988 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:55:43.0767 4988 NlaSvc - ok
19:55:43.0784 4988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:55:43.0787 4988 Npfs - ok
19:55:43.0806 4988 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:55:43.0811 4988 nsi - ok
19:55:43.0828 4988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:55:43.0830 4988 nsiproxy - ok
19:55:44.0049 4988 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:55:44.0085 4988 Ntfs - ok
19:55:44.0234 4988 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:55:44.0236 4988 Null - ok
19:55:44.0290 4988 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\windows\system32\DRIVERS\nusb3hub.sys
19:55:44.0352 4988 nusb3hub - ok
19:55:44.0397 4988 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\windows\system32\DRIVERS\nusb3xhc.sys
19:55:44.0451 4988 nusb3xhc - ok
19:55:45.0176 4988 nvlddmkm (2aeaf219ff828725499101e20e35960d) C:\windows\system32\DRIVERS\nvlddmkm.sys
19:55:45.0399 4988 nvlddmkm - ok
19:55:45.0566 4988 nvpciflt (565fdbd0b5b4824d907535c5677e1232) C:\windows\system32\DRIVERS\nvpciflt.sys
19:55:45.0637 4988 nvpciflt - ok
19:55:45.0706 4988 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:55:45.0774 4988 nvraid - ok
19:55:45.0823 4988 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:55:45.0899 4988 nvstor - ok
19:55:46.0027 4988 NVSvc (f9085a7f49bf15cc509dfe0470f6f51c) C:\windows\system32\nvvsvc.exe
19:55:46.0040 4988 NVSvc - ok
19:55:46.0267 4988 nvUpdatusService (b167c35d675c89b6b8bfcbfe9728f2b5) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:55:46.0282 4988 nvUpdatusService - ok
19:55:46.0466 4988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:55:46.0484 4988 nv_agp - ok
19:55:46.0561 4988 Oasis2Service (2af46ffdfe180afa6e4b8c9ec0680d67) C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
19:55:46.0564 4988 Oasis2Service - ok
19:55:46.0588 4988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:55:46.0600 4988 ohci1394 - ok
19:55:46.0693 4988 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:46.0701 4988 ose - ok
19:55:47.0037 4988 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:55:47.0146 4988 osppsvc - ok
19:55:47.0333 4988 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:55:47.0344 4988 p2pimsvc - ok
19:55:47.0417 4988 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:55:47.0440 4988 p2psvc - ok
19:55:47.0493 4988 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:55:47.0523 4988 Parport - ok
19:55:47.0564 4988 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:55:47.0568 4988 partmgr - ok
19:55:47.0608 4988 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:55:47.0615 4988 PcaSvc - ok
19:55:47.0664 4988 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:55:47.0734 4988 pci - ok
19:55:47.0766 4988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:55:47.0773 4988 pciide - ok
19:55:47.0814 4988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:55:47.0833 4988 pcmcia - ok
19:55:47.0856 4988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:55:47.0859 4988 pcw - ok
19:55:47.0929 4988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:55:47.0946 4988 PEAUTH - ok
19:55:48.0049 4988 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:55:48.0052 4988 PerfHost - ok
19:55:48.0214 4988 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:55:48.0239 4988 pla - ok
19:55:48.0325 4988 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:55:48.0337 4988 PlugPlay - ok
19:55:48.0431 4988 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
19:55:48.0507 4988 Pml Driver HPZ12 - ok
19:55:48.0519 4988 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:55:48.0522 4988 PNRPAutoReg - ok
19:55:48.0564 4988 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:55:48.0572 4988 PNRPsvc - ok
19:55:48.0642 4988 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:55:48.0654 4988 PolicyAgent - ok
19:55:48.0708 4988 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:55:48.0722 4988 Power - ok
19:55:48.0810 4988 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:55:48.0832 4988 PptpMiniport - ok
19:55:48.0857 4988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:55:48.0865 4988 Processor - ok
19:55:48.0927 4988 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:55:48.0935 4988 ProfSvc - ok
19:55:48.0981 4988 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:55:48.0985 4988 ProtectedStorage - ok
19:55:49.0026 4988 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:55:49.0030 4988 Psched - ok
19:55:49.0232 4988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:55:49.0310 4988 ql2300 - ok
19:55:49.0474 4988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:55:49.0488 4988 ql40xx - ok
19:55:49.0537 4988 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:55:49.0553 4988 QWAVE - ok
19:55:49.0571 4988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:55:49.0574 4988 QWAVEdrv - ok
19:55:49.0594 4988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:55:49.0597 4988 RasAcd - ok
19:55:49.0640 4988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:55:49.0643 4988 RasAgileVpn - ok
19:55:49.0671 4988 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:55:49.0695 4988 RasAuto - ok
19:55:49.0721 4988 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:55:49.0743 4988 Rasl2tp - ok
19:55:49.0799 4988 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:55:49.0809 4988 RasMan - ok
19:55:49.0839 4988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:55:49.0843 4988 RasPppoe - ok
19:55:49.0872 4988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:55:49.0880 4988 RasSstp - ok
19:55:49.0924 4988 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:55:49.0934 4988 rdbss - ok
19:55:49.0954 4988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:55:49.0965 4988 rdpbus - ok
19:55:49.0990 4988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:55:49.0993 4988 RDPCDD - ok
19:55:50.0014 4988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:55:50.0017 4988 RDPENCDD - ok
19:55:50.0034 4988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:55:50.0037 4988 RDPREFMP - ok
19:55:50.0111 4988 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:55:50.0125 4988 RDPWD - ok
19:55:50.0173 4988 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:55:50.0188 4988 rdyboost - ok
19:55:50.0365 4988 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:55:50.0379 4988 RegSrvc - ok
19:55:50.0420 4988 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:55:50.0433 4988 RemoteAccess - ok
19:55:50.0495 4988 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:55:50.0514 4988 RemoteRegistry - ok
19:55:50.0614 4988 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:55:50.0627 4988 RFCOMM - ok
19:55:50.0653 4988 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:55:50.0657 4988 RpcEptMapper - ok
19:55:50.0681 4988 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:55:50.0684 4988 RpcLocator - ok
19:55:50.0749 4988 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:55:50.0761 4988 RpcSs - ok
19:55:50.0792 4988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:55:50.0794 4988 rspndr - ok
19:55:50.0840 4988 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
19:55:50.0865 4988 RTL8167 - ok
19:55:50.0925 4988 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:55:50.0928 4988 SamSs - ok
19:55:50.0957 4988 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:55:51.0034 4988 sbp2port - ok
19:55:51.0084 4988 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:55:51.0101 4988 SCardSvr - ok
19:55:51.0120 4988 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:55:51.0175 4988 scfilter - ok
19:55:51.0292 4988 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:55:51.0313 4988 Schedule - ok
19:55:51.0353 4988 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:55:51.0355 4988 SCPolicySvc - ok
19:55:51.0405 4988 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
19:55:51.0477 4988 sdbus - ok
19:55:51.0512 4988 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:55:51.0517 4988 SDRSVC - ok
19:55:51.0568 4988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:55:51.0576 4988 secdrv - ok
19:55:51.0589 4988 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:55:51.0592 4988 seclogon - ok
19:55:51.0611 4988 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:55:51.0614 4988 SENS - ok
19:55:51.0633 4988 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:55:51.0638 4988 SensrSvc - ok
19:55:51.0661 4988 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:55:51.0665 4988 Serenum - ok
19:55:51.0708 4988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:55:51.0724 4988 Serial - ok
19:55:51.0757 4988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:55:51.0764 4988 sermouse - ok
19:55:51.0807 4988 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:55:51.0878 4988 SessionEnv - ok
19:55:51.0893 4988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:55:51.0897 4988 sffdisk - ok
19:55:51.0914 4988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:55:51.0918 4988 sffp_mmc - ok
19:55:51.0930 4988 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:55:51.0976 4988 sffp_sd - ok
19:55:51.0995 4988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:55:51.0998 4988 sfloppy - ok
19:55:52.0122 4988 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:55:52.0178 4988 Sftfs - ok
19:55:52.0313 4988 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:55:52.0322 4988 sftlist - ok
19:55:52.0365 4988 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:55:52.0442 4988 Sftplay - ok
19:55:52.0460 4988 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:55:52.0494 4988 Sftredir - ok
19:55:52.0534 4988 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:55:52.0568 4988 Sftvol - ok
19:55:52.0605 4988 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:55:52.0609 4988 sftvsa - ok
19:55:52.0682 4988 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:55:52.0702 4988 SharedAccess - ok
19:55:52.0769 4988 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:55:52.0779 4988 ShellHWDetection - ok
19:55:52.0823 4988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:55:52.0833 4988 SiSRaid2 - ok
19:55:52.0861 4988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:55:52.0869 4988 SiSRaid4 - ok
19:55:52.0908 4988 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:55:52.0911 4988 Smb - ok
19:55:52.0952 4988 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:55:52.0956 4988 SNMPTRAP - ok
19:55:52.0995 4988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:55:52.0998 4988 spldr - ok
19:55:53.0061 4988 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:55:53.0074 4988 Spooler - ok
19:55:53.0352 4988 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:55:53.0420 4988 sppsvc - ok
19:55:53.0551 4988 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:55:53.0557 4988 sppuinotify - ok
19:55:53.0648 4988 SPUVCbv (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:55:53.0717 4988 SPUVCbv - ok
19:55:53.0787 4988 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:55:53.0802 4988 srv - ok
19:55:53.0852 4988 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:55:53.0862 4988 srv2 - ok
19:55:53.0897 4988 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:55:53.0903 4988 srvnet - ok
19:55:53.0954 4988 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:55:53.0963 4988 SSDPSRV - ok
19:55:53.0979 4988 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:55:53.0983 4988 SstpSvc - ok
19:55:54.0001 4988 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:55:54.0006 4988 stexstor - ok
19:55:54.0103 4988 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:55:54.0115 4988 stisvc - ok
19:55:54.0130 4988 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:55:54.0137 4988 swenum - ok
19:55:54.0206 4988 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:55:54.0220 4988 swprv - ok
19:55:54.0399 4988 SynTP (0cf653915ef33c2b6a98c7ef2f231d56) C:\windows\system32\DRIVERS\SynTP.sys
19:55:54.0483 4988 SynTP - ok
19:55:54.0784 4988 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:55:54.0823 4988 SysMain - ok
19:55:55.0082 4988 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:55:55.0112 4988 TabletInputService - ok
19:55:55.0171 4988 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\windows\system32\DRIVERS\taphss.sys
19:55:55.0239 4988 taphss - ok
19:55:55.0286 4988 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:55:55.0296 4988 TapiSrv - ok
19:55:55.0319 4988 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:55:55.0323 4988 TBS - ok
19:55:55.0535 4988 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:55:55.0589 4988 Tcpip - ok
19:55:55.0910 4988 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:55:55.0932 4988 TCPIP6 - ok
19:55:56.0036 4988 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:55:56.0039 4988 tcpipreg - ok
19:55:56.0060 4988 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:55:56.0063 4988 TDPIPE - ok
19:55:56.0110 4988 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:55:56.0113 4988 TDTCP - ok
19:55:56.0152 4988 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:55:56.0174 4988 tdx - ok
19:55:56.0207 4988 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:55:56.0245 4988 TermDD - ok
19:55:56.0328 4988 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:55:56.0350 4988 TermService - ok
19:55:56.0358 4988 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:55:56.0361 4988 Themes - ok
19:55:56.0401 4988 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:55:56.0403 4988 THREADORDER - ok
19:55:56.0433 4988 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:55:56.0457 4988 TrkWks - ok
19:55:56.0533 4988 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:55:56.0537 4988 TrustedInstaller - ok
19:55:56.0578 4988 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:55:56.0581 4988 tssecsrv - ok
19:55:56.0611 4988 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:55:56.0614 4988 TsUsbFlt - ok
19:55:56.0637 4988 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:55:56.0694 4988 TsUsbGD - ok
19:55:56.0747 4988 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:55:56.0751 4988 tunnel - ok
19:55:56.0781 4988 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:55:56.0792 4988 uagp35 - ok
19:55:56.0851 4988 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:55:56.0868 4988 udfs - ok
19:55:56.0918 4988 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:55:56.0932 4988 UI0Detect - ok
19:55:56.0964 4988 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:55:56.0973 4988 uliagpkx - ok
19:55:57.0004 4988 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:55:57.0057 4988 umbus - ok
19:55:57.0088 4988 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:55:57.0091 4988 UmPass - ok
19:55:57.0396 4988 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:55:57.0411 4988 UNS - ok
19:55:57.0579 4988 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:55:57.0591 4988 upnphost - ok
19:55:57.0643 4988 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:55:57.0718 4988 usbccgp - ok
19:55:57.0757 4988 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:55:57.0766 4988 usbcir - ok
19:55:57.0796 4988 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
19:55:57.0858 4988 usbehci - ok
19:55:57.0915 4988 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:55:57.0981 4988 usbhub - ok
19:55:58.0000 4988 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:55:58.0033 4988 usbohci - ok
19:55:58.0063 4988 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:55:58.0070 4988 usbprint - ok
19:55:58.0120 4988 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:55:58.0127 4988 usbscan - ok
19:55:58.0167 4988 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:55:58.0241 4988 USBSTOR - ok
19:55:58.0253 4988 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:55:58.0286 4988 usbuhci - ok
19:55:58.0324 4988 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:55:58.0325 4988 usbvideo - ok
19:55:58.0350 4988 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:55:58.0356 4988 UxSms - ok
19:55:58.0402 4988 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:55:58.0406 4988 VaultSvc - ok
19:55:58.0419 4988 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:55:58.0430 4988 vdrvroot - ok
19:55:58.0500 4988 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:55:58.0522 4988 vds - ok
19:55:58.0569 4988 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:55:58.0577 4988 vga - ok
19:55:58.0604 4988 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:55:58.0608 4988 VgaSave - ok
19:55:58.0649 4988 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:55:58.0734 4988 vhdmp - ok
19:55:58.0767 4988 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:55:58.0771 4988 viaide - ok
19:55:58.0793 4988 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:55:58.0857 4988 volmgr - ok
19:55:58.0902 4988 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:55:58.0916 4988 volmgrx - ok
19:55:58.0967 4988 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:55:59.0044 4988 volsnap - ok
19:55:59.0086 4988 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:55:59.0113 4988 vsmraid - ok
19:55:59.0275 4988 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:55:59.0318 4988 VSS - ok
19:55:59.0490 4988 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:55:59.0494 4988 vwifibus - ok
19:55:59.0518 4988 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:55:59.0530 4988 vwififlt - ok
19:55:59.0566 4988 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
19:55:59.0569 4988 vwifimp - ok
19:55:59.0655 4988 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:55:59.0679 4988 W32Time - ok
19:55:59.0721 4988 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:55:59.0733 4988 WacomPen - ok
19:55:59.0777 4988 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:55:59.0859 4988 WANARP - ok
19:55:59.0861 4988 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:55:59.0862 4988 Wanarpv6 - ok
19:56:00.0018 4988 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:56:00.0108 4988 WatAdminSvc - ok
19:56:00.0254 4988 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:56:00.0285 4988 wbengine - ok
19:56:00.0435 4988 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:56:00.0451 4988 WbioSrvc - ok
19:56:00.0509 4988 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:56:00.0523 4988 wcncsvc - ok
19:56:00.0546 4988 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:56:00.0551 4988 WcsPlugInService - ok
19:56:00.0607 4988 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:56:00.0619 4988 Wd - ok
19:56:00.0695 4988 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:56:00.0718 4988 Wdf01000 - ok
19:56:00.0746 4988 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:56:00.0751 4988 WdiServiceHost - ok
19:56:00.0758 4988 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:56:00.0763 4988 WdiSystemHost - ok
19:56:00.0806 4988 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
19:56:00.0869 4988 wdkmd - ok
19:56:00.0908 4988 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:56:00.0967 4988 WebClient - ok
19:56:01.0003 4988 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:56:01.0025 4988 Wecsvc - ok
19:56:01.0051 4988 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:56:01.0062 4988 wercplsupport - ok
19:56:01.0105 4988 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:56:01.0109 4988 WerSvc - ok
19:56:01.0148 4988 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:56:01.0151 4988 WfpLwf - ok
19:56:01.0177 4988 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:56:01.0180 4988 WIMMount - ok
19:56:01.0214 4988 WinDefend - ok
19:56:01.0225 4988 WinHttpAutoProxySvc - ok
19:56:01.0285 4988 winioex (fef576b25641012fa927b0a2703c51f9) C:\windows\system32\drivers\winioex.sys
19:56:01.0347 4988 winioex - ok
19:56:01.0438 4988 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:56:01.0445 4988 Winmgmt - ok
19:56:01.0627 4988 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:56:01.0690 4988 WinRM - ok
19:56:01.0868 4988 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:56:01.0930 4988 WinUsb - ok
19:56:02.0043 4988 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:56:02.0060 4988 Wlansvc - ok
19:56:02.0142 4988 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:56:02.0146 4988 wlcrasvc - ok
19:56:02.0367 4988 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:56:02.0389 4988 wlidsvc - ok
19:56:02.0540 4988 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
19:56:02.0550 4988 WmiAcpi - ok
19:56:02.0645 4988 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:56:02.0660 4988 wmiApSrv - ok
19:56:02.0704 4988 WMPNetworkSvc - ok
19:56:02.0747 4988 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:56:02.0752 4988 WPCSvc - ok
19:56:02.0783 4988 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:56:02.0807 4988 WPDBusEnum - ok
19:56:02.0841 4988 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:56:02.0844 4988 ws2ifsl - ok
19:56:02.0868 4988 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
19:56:02.0874 4988 wscsvc - ok
19:56:02.0880 4988 WSearch - ok
19:56:02.0926 4988 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
19:56:03.0001 4988 wsvd - ok
19:56:03.0246 4988 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
19:56:03.0314 4988 wuauserv - ok
19:56:03.0481 4988 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:56:03.0504 4988 WudfPf - ok
19:56:03.0555 4988 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:56:03.0625 4988 WUDFRd - ok
19:56:03.0659 4988 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:56:03.0662 4988 wudfsvc - ok
19:56:03.0692 4988 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:56:03.0707 4988 WwanSvc - ok
19:56:03.0780 4988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:56:04.0013 4988 \Device\Harddisk0\DR0 - ok
19:56:04.0018 4988 Boot (0x1200) (50a0d58b26ab383082a618464d326800) \Device\Harddisk0\DR0\Partition0
19:56:04.0022 4988 \Device\Harddisk0\DR0\Partition0 - ok
19:56:04.0032 4988 Boot (0x1200) (750f3efd2d8c55f39557e72b73357ef8) \Device\Harddisk0\DR0\Partition1
19:56:04.0035 4988 \Device\Harddisk0\DR0\Partition1 - ok
19:56:04.0065 4988 Boot (0x1200) (e31dd476c4c2a8ae5c536f99ff91406c) \Device\Harddisk0\DR0\Partition2
19:56:04.0068 4988 \Device\Harddisk0\DR0\Partition2 - ok
19:56:04.0069 4988 ============================================================
19:56:04.0069 4988 Scan finished
19:56:04.0069 4988 ============================================================
19:56:04.0084 6148 Detected object count: 0
19:56:04.0084 6148 Actual detected object count: 0
19:59:05.0725 4384 Deinitialize success





aswMBR.exe log is as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 20:02:15
-----------------------------
20:02:15.948 OS Version: Windows x64 6.1.7601 Service Pack 1
20:02:15.948 Number of processors: 8 586 0x2A07
20:02:15.949 ComputerName: PLUTO UserName:
20:02:17.579 Initialize success
20:03:10.599 AVAST engine download error: 0
20:03:22.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:03:22.331 Disk 0 Vendor: WDC_WD75 02.0 Size: 715404MB BusType: 3
20:03:22.336 Disk 0 MBR read successfully
20:03:22.338 Disk 0 MBR scan
20:03:22.339 Disk 0 Windows 7 default MBR code
20:03:22.344 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
20:03:22.355 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
20:03:22.357 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
20:03:22.383 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
20:03:22.410 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
20:03:22.446 Disk 0 scanning C:\windows\system32\drivers
20:03:30.291 Service scanning
20:03:50.207 Modules scanning
20:03:50.226 Disk 0 trace - called modules:
20:03:50.245 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:03:50.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80097bf060]
20:03:50.256 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800788a050]
20:03:50.261 Scan finished successfully
20:04:38.347 Disk 0 MBR has been saved successfully to "C:\Users\Pramod\Desktop\MBR.dat"
20:04:38.355 The log file has been saved successfully to "C:\Users\Pramod\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 29 July 2012 - 10:30 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 30 July 2012 - 12:46 AM

Hi,

I ran the OTL.

OTL log is as follows.

OTL logfile created on: 7/29/2012 10:24:25 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Pramod\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.83% Memory free
15.89 Gb Paging File | 13.04 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.69 Gb Total Space | 431.40 Gb Free Space | 65.89% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.24 Gb Free Space | 90.49% Space Free | Partition Type: NTFS

Computer Name: PLUTO | User Name: Pramod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pramod\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
PRC - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
MOD - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CLKMSVC10_3A60B698) -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (MOBK755backup) -- C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ITMRTSVC) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (winioex) -- C:\Windows\SysNative\drivers\winioex.sys (Ensurebit Inc.)
DRV:64bit: - (DelayMan) -- C:\Windows\SysNative\drivers\delayman.sys (Ensurebit Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (MOBK755Filter) -- C:\Windows\SysNative\drivers\MOBK755.sys (Mozy, Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/26 17:36:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/06/14 06:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/26 13:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/01 19:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 21:54:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/26 17:36:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/01 19:34:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 21:54:44 | 000,000,000 | ---D | M]

[2011/11/24 23:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pramod\AppData\Roaming\Mozilla\Extensions
[2012/07/16 10:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\extensions
[2012/04/22 19:47:18 | 000,002,580 | ---- | M] () -- C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\searchplugins\askcom.xml
[2012/05/12 21:14:16 | 000,002,203 | ---- | M] () -- C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\searchplugins\MyStart Search.xml
[2012/05/13 09:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[1832/11/28 21:37:16 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\PRAMOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMU10COA.DEFAULT\EXTENSIONS\ENMJVRXNWW@ENMJVRXNWW.ORG.XPI
[2012/07/01 19:34:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/04/09 14:47:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/05 12:48:17 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pramod\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pramod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Pramod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Pramod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/29 14:32:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120626004638.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626004638.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Pramod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{009837D3-8A00-4602-BC88-E5BD3DED4D49}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 20:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/29 16:11:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/29 14:58:50 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/29 14:17:52 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\Pramod\Desktop\ComboFix.exe
[2012/07/28 20:45:08 | 009,230,024 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/12 09:25:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/12 09:25:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/12 09:25:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/12 09:25:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/12 09:25:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/12 09:25:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/12 09:25:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/12 09:25:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/12 09:25:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/12 09:25:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/12 09:25:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/12 09:25:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/12 09:25:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/11 14:24:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 14:24:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/11 14:24:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/11 14:24:34 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/11 14:24:31 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll

========== Files - Modified Within 30 Days ==========

[2012/07/29 22:21:10 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 22:21:08 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 22:21:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/29 20:32:15 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012/07/29 20:04:38 | 000,000,512 | ---- | M] () -- C:\Users\Pramod\Desktop\MBR.dat
[2012/07/29 18:15:01 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 18:15:01 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 18:12:12 | 000,001,122 | ---- | M] () -- C:\Users\Pramod\Desktop\Cyberlink Power2Go.lnk
[2012/07/29 18:10:33 | 000,159,774 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/07/29 18:10:22 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 18:07:11 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 14:32:01 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/29 14:18:11 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\Pramod\Desktop\ComboFix.exe
[2012/07/29 14:01:58 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/29 14:01:58 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/29 14:01:58 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/28 20:45:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/07/28 20:45:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/28 20:45:08 | 009,230,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/21 17:46:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 09:47:46 | 000,309,352 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/29 20:04:38 | 000,000,512 | ---- | C] () -- C:\Users\Pramod\Desktop\MBR.dat
[2012/05/17 01:13:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/17 01:13:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/13 19:16:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/13 19:16:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/13 19:16:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/13 14:46:04 | 000,000,039 | ---- | C] () -- C:\Users\Pramod\AppData\Roaming\mbam.context.scan
[2012/05/13 09:21:04 | 000,000,084 | ---- | C] () -- C:\windows\wininit.ini
[2012/04/20 07:26:31 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/04/18 08:30:23 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/26 17:21:33 | 000,182,427 | ---- | C] () -- C:\windows\hpwins10.dat
[2012/02/26 17:21:33 | 000,000,372 | ---- | C] () -- C:\windows\hpwmdl10.dat
[2012/01/11 09:30:05 | 000,002,048 | -HS- | C] () -- C:\Users\Pramod\AppData\Local\{e24a8f4a-9bee-e125-786f-8b3b2dfd664e}\@
[2011/11/24 23:03:16 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/21 05:11:36 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/07/21 05:11:36 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/07/21 04:56:28 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/07/21 04:56:28 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/07/21 04:56:28 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/07/21 04:56:28 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/07/21 04:56:24 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/07/21 04:53:58 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2011/07/21 04:53:58 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2011/07/21 04:53:58 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2011/07/21 04:53:58 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2011/07/21 04:53:58 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2011/07/21 04:44:03 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2011/07/21 04:44:03 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2011/07/21 04:44:03 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2011/07/21 04:44:03 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2011/07/21 04:44:03 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2011/07/21 04:44:03 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2011/07/21 04:41:21 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/07/21 04:09:04 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

< End of report >


Pramod

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 30 July 2012 - 12:06 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
    O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\Run: [Power2GoExpress] NA File not found
    O4 - HKU\S-1-5-21-2138236807-1451817511-1320269885-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2012/04/22 19:47:18 | 000,002,580 | ---- | M] () -- C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\searchplugins\askcom.xml
    [2012/05/12 21:14:16 | 000,002,203 | ---- | M] () -- C:\Users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\searchplugins\MyStart Search.xml
    [1832/11/28 21:37:16 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\PRAMOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMU10COA.DEFAULT\EXTENSIONS\ENMJVRXNWW@ENMJVRXNWW.ORG.XPI
    :Files
    C:\Users\Pramod\AppData\Local\{e24a8f4a-9bee-e125-786f-8b3b2dfd664e}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 30 July 2012 - 06:12 PM

Hi,
I ran the OTL with the script,it completed its work, but by mistake i closed the log instead of saving it.Do i run it again ?
Please advise

Pramod

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 30 July 2012 - 10:15 PM

just let me know how things are doing



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 31 July 2012 - 01:35 AM

Hi,
Thank you so much for your help .
I am not getting redirected anymore. I found a folder created today called the _OTL in my c:.Do I delete this ?
I just had a quick question - How do I ensure that my system is well protected ? Any help in that direction would be great.

You guys are doing a fabulous job.How do we donate for this cause ?

Thank You ,

Pramod

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:42 AM

Posted 31 July 2012 - 01:41 AM

Greetings

I found a folder created today called the _OTL in my c:.Do I delete this ? - I will remove this in time

How do I ensure that my system is well protected ? - just stay with me till the end and I will make sure it is as protected as can be

You guys are doing a fabulous job.How do we donate for this cause ? - just click on my link below

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 googly10194

googly10194
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 31 July 2012 - 02:55 AM

Hi,
I am not getting redirected in google search on firefox.

Combofix log file is as follows

ComboFix 12-07-30.03 - Pramod 07/31/2012 0:26.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.6491 [GMT -7:00]
Running from: c:\users\Pramod\Desktop\ComboFix.exe
Command switches used :: c:\users\Pramod\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 07:32 . 2012-07-31 07:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 07:32 . 2012-07-31 07:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-31 07:32 . 2012-07-31 07:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-31 07:32 . 2012-07-31 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 07:32 . 2012-07-31 07:32 -------- d-----w- c:\users\Anu\AppData\Local\temp
2012-07-30 23:05 . 2012-07-30 23:05 -------- d-----w- C:\_OTL
2012-07-30 15:26 . 2012-07-30 15:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F907F6E-C187-4EDC-96C5-0F2B74AC1BB7}\offreg.dll
2012-07-30 01:12 . 2012-07-30 01:12 -------- d-----w- c:\users\Public\CyberLink
2012-07-29 21:15 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F907F6E-C187-4EDC-96C5-0F2B74AC1BB7}\mpengine.dll
2012-07-12 16:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 21:25 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 21:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 21:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-02 02:34 . 2012-07-02 02:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-02 02:34 . 2012-07-02 02:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 22:52 . 2012-06-03 19:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 22:52 . 2011-11-25 16:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 16:26 . 2011-12-05 20:10 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2012-06-29 23:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 16:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-12 17:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:28 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:28 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-29_21.59.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-29 23:58 . 2012-07-29 23:58 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-22 16:55 . 2012-07-22 16:55 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2012-07-30 22:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-29 03:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-30 22:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 03:45 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 03:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-30 22:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-30 01:09 47948 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 01:09 38590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-24 13:52 . 2012-07-31 04:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-24 13:52 . 2012-07-29 21:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-24 13:52 . 2012-07-31 04:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-24 13:52 . 2012-07-29 21:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-31 04:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 21:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-15 21:08 . 2012-07-12 16:46 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-15 21:08 . 2012-07-29 23:10 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-26 16:50 . 2012-07-30 01:09 8974 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2138236807-1451817511-1320269885-1001_UserData.bin
- 2012-07-22 16:56 . 2012-07-22 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 01:07 . 2012-07-30 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-22 16:56 . 2012-07-22 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-30 01:07 . 2012-07-30 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-30 22:52 . 2012-07-30 22:52 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-06-03 19:38 . 2012-07-30 22:52 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-06-03 19:38 . 2012-07-29 03:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-11-25 15:40 . 2012-07-31 05:36 291496 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-11-25 08:51 . 2012-07-31 06:12 305628 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-07-30 22:52 . 2012-07-30 22:52 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2009-07-14 05:01 . 2012-07-29 23:58 292324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-22 16:52 292324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-30 22:52 . 2012-07-30 22:52 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-30 22:52 . 2012-07-30 22:52 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
+ 2012-01-12 22:38 . 2012-07-29 23:10 4093416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1001-4096.dat
+ 2012-07-30 22:52 . 2012-07-30 22:52 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2011-12-05 20:13 . 2012-07-29 23:58 60394776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2138236807-1451817511-1320269885-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-25 75048]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-07-21 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\users\Pramod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_3A60B698;CyberLink Product - 2011/07/21 11:50;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2010-10-13 240112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 250056]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-07-21 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-07-21 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-31 25960]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-07-21 13408]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 MOBK755Filter;MOBK755Filter;c:\windows\system32\DRIVERS\MOBK755.sys [2010-09-20 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [2011-07-21 15456]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 MOBK755backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-01 2009704]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-07-21 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [2011-07-21 20064]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-03-31 412712]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 07613334
*NewlyCreated* - ASWMBR
*Deregistered* - 07613334
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_3A60B698
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 22:52]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 11:48]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 11:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK755]
@="{f378ff85-8d0a-cbe6-4735-3a67760db6bb}"
[HKEY_CLASSES_ROOT\CLSID\{f378ff85-8d0a-cbe6-4735-3a67760db6bb}]
2010-09-20 10:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7552]
@="{8406002f-3c7e-565d-de02-414c2856a50b}"
[HKEY_CLASSES_ROOT\CLSID\{8406002f-3c7e-565d-de02-414c2856a50b}]
2010-09-20 10:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7553]
@="{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}"
[HKEY_CLASSES_ROOT\CLSID\{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}]
2010-09-20 10:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-07-21 11:56 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-07-21 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-07-21 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-07-21 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-07-21 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pramod\AppData\Roaming\Mozilla\Firefox\Profiles\vmu10coa.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-31 00:34:30
ComboFix-quarantined-files.txt 2012-07-31 07:34
ComboFix2.txt 2012-07-29 22:29
ComboFix3.txt 2012-05-18 06:01
ComboFix4.txt 2012-05-17 08:22
.
Pre-Run: 462,796,492,800 bytes free
Post-Run: 464,323,510,272 bytes free
.
- - End Of File - - 6D679FF711A7D428D80DF574F878ADFC




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users