Google search results redirecting to undesirable websites


  • This topic is locked
31 replies to this topic

#1 auriga

auriga

  • Members
  • 14 posts

Posted 20 September 2012 - 01:14 AM

Hello Help-Team,

For the last week I have been unable to view Google search results on the first attempt. When I click on the results, I get redirected to advertisement and junk websites. Even though I have blocked some of the sites in IE, they still show up when I click on search results. If I click at least twice or thrice on any search result, I am able to reach the relevant website at times (click - cancel advertisement website - click - cancel advertisement website - click - see the right website). Without blocking the malicious sites, I cannot see the search results at all. I have tried Malwarebytes, Spyware Doctor, AVG, Unhackme, and Microsoft Security Essentials for dislodging the virus from my computer but nothing has been able to fix the problem totally. Initially Unhackme did indicate that a rootkit was installed and helped in removing it; however, it did not fix the problem completely.

The virus looks to be functional in only one user account on my laptop; however, I could be mistaken. It has affected both IE and Firefox. I had reinstalled Firefox but that didn't help. I have removed the extra IP addresses of the malicious websites from the hosts file (C:\Windows\System32\drivers\etc\hosts) that were added by the virus.

Following are the DDS and GMER logs. Please advise!

Due thanks for any help/advice!


Please see: Upon the suggestion of a friend, I also ran ComboFix.


*******************DDS Log******************************************************

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by ritu-admin at 2:07:12 on 2012-09-18
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.780 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Pole Position Software\LANrevAgent\LANrev Agent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\MPICH2\bin\smpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Pole Position Software\LANrevAgent\LANrevAgentInstallerHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LANrevHelperInstall] c:\program files\pole position software\lanrevagent\LANrevAgentInstallerHelper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04BDEE13-0AC4-45D9-BFF7-27790F862324} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04BDEE13-0AC4-45D9-BFF7-27790F862324}\2516A6B457D61627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04BDEE13-0AC4-45D9-BFF7-27790F862324}\7556374796E6D456564796E67625F6F6D637 : DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
TCP: Interfaces\{04BDEE13-0AC4-45D9-BFF7-27790F862324}\7657563747E2574756871637E2564657 : DhcpNameServer = 128.83.185.41 128.83.185.40
TCP: Interfaces\{7B2B794B-ADF5-48C3-9B7E-9A723F514CD5} : DhcpNameServer = 129.116.126.4 129.114.56.129 129.114.56.140
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LANrevNotificationModule - c:\program files\pole position software\lanrevagent\NotificationModule.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 MpKslad56d1ec;MpKslad56d1ec;c:\programdata\microsoft\microsoft antimalware\definition updates\{cf59b9d7-b97c-4bd2-be82-2deefaa0d59e}\MpKslad56d1ec.sys [2012-9-18 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 LANrev Agent;LANrev Agent;c:\program files\pole position software\lanrevagent\LANrev Agent.exe [2011-7-25 2248704]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-17 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-17 676936]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\mpich2\bin\smpd.exe [2011-9-1 483328]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-17 22856]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-16 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-16 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-09-18 06:46:18 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cf59b9d7-b97c-4bd2-be82-2deefaa0d59e}\MpKslad56d1ec.sys
2012-09-17 18:11:22 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-17 17:57:32 98816 ----a-w- c:\windows\sed.exe
2012-09-17 17:57:32 518144 ----a-w- c:\windows\SWREG.exe
2012-09-17 17:57:32 256000 ----a-w- c:\windows\PEV.exe
2012-09-17 17:57:32 208896 ----a-w- c:\windows\MBR.exe
2012-09-17 17:57:24 -------- d-----w- C:\ComboFix
2012-09-17 15:26:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 15:17:45 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cf59b9d7-b97c-4bd2-be82-2deefaa0d59e}\mpengine.dll
2012-09-17 15:17:01 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-15 08:30:49 -------- d-----w- C:\CCleaner
2012-09-15 07:32:01 -------- d-----r- C:\comment.htt
2012-09-15 07:08:34 -------- d-----w- c:\windows\pss
2012-09-14 05:07:23 -------- d-----r- c:\program files\Skype
2012-09-13 11:26:55 -------- d-----w- c:\users\ritu-admin\appdata\roaming\Intel
2012-09-13 11:19:13 -------- d-----w- c:\users\ritu-admin\appdata\roaming\Helios
2012-09-13 11:16:09 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-13 11:16:06 -------- d-----w- c:\program files\common files\PC Tools
2012-09-13 11:16:04 -------- d-----w- c:\program files\PC Tools
2012-09-13 11:14:59 -------- d-----w- c:\programdata\PC Tools
2012-09-13 11:14:57 -------- d-----w- c:\users\ritu-admin\appdata\roaming\TestApp
2012-09-13 05:36:14 -------- d-----w- c:\users\ritu-admin\appdata\local\Mozilla
2012-09-13 05:20:31 -------- d-----w- c:\programdata\RegRun
2012-09-13 05:20:12 2 --shatr- c:\windows\winstart.bat
2012-09-13 05:19:56 -------- d-----w- c:\program files\UnHackMe
2012-09-12 04:33:21 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:33:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:33:19 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:33:19 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:33:19 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:33:18 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-07 22:17:41 -------- d-----w- C:\MIC
.
==================== Find3M ====================
.
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 2:07:33.50 ===============



********************************************** GMER Log ********************************************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-18 17:00:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9120823AS rev.3.ADB
Running: l819d35r.exe; Driver: C:\Users\RITU-A~1\AppData\Local\Temp\afloyuoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C803C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB9D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F21D340, 0x3EE2B7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2604] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2748] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2764] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4388] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5096] kernel32.dll!SetUnhandledExceptionFilter 778EF4FB 5 Bytes JMP 67DE6376 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5096] ole32.dll!OleLoadFromStream 77376143 5 Bytes JMP 686A5530 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5532] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] kernel32.dll!CreateThread 778EDCC2 5 Bytes JMP 633975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!EnableWindow 75BE8D02 5 Bytes JMP 633D9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!CallNextHookEx 75BEABE1 5 Bytes JMP 633F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!UnhookWindowsHookEx 75BEADF9 5 Bytes JMP 6341ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!DefWindowProcA 75BEBB1C 7 Bytes JMP 6339980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!CreateWindowExA 75BEBF40 5 Bytes JMP 633A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!SetWindowsHookExW 75BEE30C 5 Bytes JMP 633D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!CreateWindowExW 75BEEC7C 5 Bytes JMP 634003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!DefWindowProcW 75BF507D 7 Bytes JMP 633F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!DialogBoxParamW 75C03B9B 5 Bytes JMP 63331893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!DialogBoxIndirectParamW 75C13B7F 5 Bytes JMP 63528EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!DialogBoxParamA 75C2CF42 5 Bytes JMP 63528E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!DialogBoxIndirectParamA 75C2D274 5 Bytes JMP 63528F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!MessageBoxIndirectA 75C3E869 5 Bytes JMP 63528E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!MessageBoxIndirectW 75C3E963 5 Bytes JMP 63528D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!MessageBoxExA 75C3E9C9 5 Bytes JMP 63528D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] USER32.dll!MessageBoxExW 75C3E9ED 5 Bytes JMP 63528CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5724] ole32.dll!OleLoadFromStream 77376143 4 Bytes JMP 635296B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:4044] 9DF69F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b89fc8a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b89fc8a (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\ritu-admin\AppData\Roaming\Microsoft\Windows\Cookies\FV1NZITZ.txt 0 bytes

---- EOF - GMER 1.0.15 ----


Edited by auriga, 20 September 2012 - 01:24 AM.



#2 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 22 September 2012 - 11:02 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, auriga

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

I'd like you to post the contents of the ComboFix log in your next reply.

Down below are the things that I would require for more information gathering.

---------------------------------------------------------------------------------------------------


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
ComboFix log
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 25 September 2012 - 10:04 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 29 September 2012 - 01:09 AM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 auriga

  • Topic Starter

  • Members
  • 14 posts

Posted 29 September 2012 - 12:29 PM

Thanks a lot conspire and Budapest! I am pasting the logs below. I tried attaching the "MBR.dat" file to this post but I got the following error message: "Error You aren't permitted to upload this kind of file". How should I send this file across to you?

Best Regards,
Auriga


************************************* Combofix Log ************************************************************

ComboFix 12-09-16.01 - ritu-admin 09/17/2012 12:59:53.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.1014 [GMT -5:00]
Running from: c:\users\ra25572\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\ra25572\Documents\~WRL0003.tmp
c:\users\ra25572\Documents\~WRL0005.tmp
c:\users\ra25572\Documents\~WRL0006.tmp
c:\users\ra25572\Documents\~WRL0822.tmp
c:\users\ra25572\Documents\~WRL1319.tmp
c:\users\ra25572\Documents\~WRL1693.tmp
c:\users\ra25572\Documents\~WRL1944.tmp
c:\users\ra25572\Documents\~WRL3966.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 18:08 . 2012-09-17 18:08 -------- d-----w- c:\users\taccster\AppData\Local\temp
2012-09-17 18:08 . 2012-09-17 18:08 -------- d-----w- c:\users\tacc-rjt582-da\AppData\Local\temp
2012-09-17 16:00 . 2012-09-17 16:00 -------- d-----w- c:\users\ra25572\AppData\Local\Mozilla Firefox
2012-09-17 15:52 . 2012-09-17 15:52 -------- d-----w- c:\users\tacc-rjt582-da\AppData\Local\Threat Expert
2012-09-17 15:26 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 15:17 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF59B9D7-B97C-4BD2-BE82-2DEEFAA0D59E}\mpengine.dll
2012-09-17 15:17 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 08:30 . 2012-09-15 08:32 -------- d-----w- C:\CCleaner
2012-09-15 07:32 . 2012-09-15 07:32 -------- d-----r- C:\comment.htt
2012-09-14 05:07 . 2012-09-14 05:07 -------- d-----w- c:\program files\Common Files\Skype
2012-09-14 05:07 . 2012-09-14 05:07 -------- d-----r- c:\program files\Skype
2012-09-13 11:26 . 2012-09-13 11:26 -------- d-----w- c:\users\ritu-admin\AppData\Roaming\Intel
2012-09-13 11:19 . 2012-09-13 11:19 -------- d-----w- c:\users\ritu-admin\AppData\Roaming\Helios
2012-09-13 11:16 . 2012-06-22 20:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-13 11:16 . 2012-09-17 17:57 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-13 11:16 . 2012-09-13 17:37 -------- d-----w- c:\program files\PC Tools
2012-09-13 11:14 . 2012-09-17 17:57 -------- d-----w- c:\programdata\PC Tools
2012-09-13 11:14 . 2012-09-13 11:14 -------- d-----w- c:\users\ritu-admin\AppData\Roaming\TestApp
2012-09-13 05:36 . 2012-09-13 05:36 -------- d-----w- c:\users\ritu-admin\AppData\Local\Mozilla
2012-09-13 05:20 . 2012-09-17 17:57 -------- d-----w- c:\programdata\RegRun
2012-09-13 05:20 . 2012-09-13 11:01 2 --shatr- c:\windows\winstart.bat
2012-09-13 05:19 . 2012-09-17 17:58 -------- d-----w- c:\program files\UnHackMe
2012-09-12 04:33 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:33 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:33 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:33 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:33 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-07 22:17 . 2012-09-13 11:59 -------- d-----w- C:\MIC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 17:47 . 2012-08-15 13:11 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23 . 2012-08-16 14:36 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-15 13:11 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 13:11 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16 . 2012-08-16 14:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 14:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 14:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 14:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 14:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LANrevHelperInstall"="c:\program files\Pole Position Software\LANrevAgent\LANrevAgentInstallerHelper.exe" [2011-07-25 700416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LANrevNotificationModule]
2011-05-23 20:55 69632 ----a-w- c:\program files\Pole Position Software\LANrevAgent\NotificationModule.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-02 18:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-04-13 20:02 1808784 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-11 19:04 13605408 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-03-11 19:04 96800 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-11 19:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-05 03:11 1657376 ----a-w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-13 19:44 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 LANrev Agent;LANrev Agent;c:\program files\Pole Position Software\LANrevAgent\LANrev Agent.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\mpich2\bin\smpd.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
S4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
S4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-963894560-725345543-5562997Core.job
- c:\users\ra25572\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 18:00]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-963894560-725345543-5562997UA.job
- c:\users\ra25572\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 129.116.126.4 129.114.56.129 129.114.56.140
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-17 13:11:17
ComboFix-quarantined-files.txt 2012-09-17 18:11
.
Pre-Run: 60,232,015,872 bytes free
Post-Run: 60,259,737,600 bytes free
.
- - End Of File - - DFBB75AA9ED0322B57405795A26EF0DA




*************************************************************** aswMBR log ***********************************************************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 00:13:59
-----------------------------
00:13:59.865 OS Version: Windows 6.1.7601 Service Pack 1
00:13:59.865 Number of processors: 2 586 0xF0A
00:13:59.865 ComputerName: XXX-YYY-ZZZ UserName: ritu-admin
00:14:35.536 Initialize success
00:18:01.264 AVAST engine defs: 12092801
00:18:20.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
00:18:20.935 Disk 0 Vendor: ST9120823AS 3.ADB Size: 114473MB BusType: 3
00:18:20.951 Disk 0 MBR read successfully
00:18:20.951 Disk 0 MBR scan
00:18:21.060 Disk 0 Windows 7 default MBR code
00:18:21.076 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:18:21.154 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
00:18:21.201 Disk 0 scanning sectors +234438656
00:18:21.310 Disk 0 scanning C:\Windows\system32\drivers
00:18:40.839 Service scanning
00:19:05.159 Service MpKsl733b1b96 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B05CF169-720F-4A62-894B-2FAD6332F600}\MpKsl733b1b96.sys **LOCKED** 32
00:19:41.881 Modules scanning
00:19:54.816 Disk 0 trace - called modules:
00:19:55.409 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
00:19:55.425 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a5c5f0]
00:19:55.440 3 CLASSPNP.SYS[8925759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8558d908]
00:19:56.064 AVAST engine scan C:\Windows
00:20:00.214 AVAST engine scan C:\Windows\system32
00:24:35.820 AVAST engine scan C:\Windows\system32\drivers
00:24:57.348 AVAST engine scan C:\Users\ritu-admin
00:28:57.355 AVAST engine scan C:\ProgramData
00:30:57.756 Scan finished successfully
00:52:43.128 Disk 0 MBR has been saved successfully to "C:\Users\ritu-admin\Documents\MBR.dat"
00:52:43.206 The log file has been saved successfully to "C:\Users\ritu-admin\Documents\aswMBR.txt"



********************************************************* TDSSKiller log *****************************************************************

00:55:28.0524 1796 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
00:55:29.0038 1796 ============================================================
00:55:29.0038 1796 Current date / time: 2012/09/29 00:55:29.0038
00:55:29.0038 1796 SystemInfo:
00:55:29.0038 1796
00:55:29.0038 1796 OS Version: 6.1.7601 ServicePack: 1.0
00:55:29.0038 1796 Product type: Workstation
00:55:29.0038 1796 ComputerName: XXX-YYY-ZZZ
00:55:29.0038 1796 UserName: ritu-admin
00:55:29.0038 1796 Windows directory: C:\Windows
00:55:29.0038 1796 System windows directory: C:\Windows
00:55:29.0038 1796 Processor architecture: Intel x86
00:55:29.0038 1796 Number of processors: 2
00:55:29.0038 1796 Page size: 0x1000
00:55:29.0038 1796 Boot type: Normal boot
00:55:29.0038 1796 ============================================================
00:55:30.0910 1796 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:55:30.0926 1796 ============================================================
00:55:30.0926 1796 \Device\Harddisk0\DR0:
00:55:30.0942 1796 MBR partitions:
00:55:30.0942 1796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:55:30.0942 1796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
00:55:30.0942 1796 ============================================================
00:55:31.0035 1796 C: <-> \Device\Harddisk0\DR0\Partition2
00:55:31.0035 1796 ============================================================
00:55:31.0035 1796 Initialize success
00:55:31.0035 1796 ============================================================
00:55:36.0558 5044 ============================================================
00:55:36.0558 5044 Scan started
00:55:36.0558 5044 Mode: Manual;
00:55:36.0558 5044 ============================================================
00:55:37.0088 5044 ================ Scan system memory ========================
00:55:37.0088 5044 System memory - ok
00:55:37.0088 5044 ================ Scan services =============================
00:55:37.0260 5044 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:55:37.0260 5044 1394ohci - ok
00:55:37.0322 5044 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:55:37.0322 5044 ACPI - ok
00:55:37.0369 5044 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:55:37.0369 5044 AcpiPmi - ok
00:55:37.0462 5044 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:55:37.0478 5044 AdobeARMservice - ok
00:55:37.0525 5044 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:55:37.0556 5044 adp94xx - ok
00:55:37.0587 5044 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:55:37.0587 5044 adpahci - ok
00:55:37.0618 5044 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:55:37.0618 5044 adpu320 - ok
00:55:37.0650 5044 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:55:37.0650 5044 AeLookupSvc - ok
00:55:37.0696 5044 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
00:55:37.0712 5044 AFD - ok
00:55:37.0743 5044 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
00:55:37.0743 5044 agp440 - ok
00:55:37.0774 5044 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
00:55:37.0790 5044 aic78xx - ok
00:55:37.0821 5044 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
00:55:37.0821 5044 ALG - ok
00:55:37.0868 5044 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
00:55:37.0868 5044 aliide - ok
00:55:37.0884 5044 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
00:55:37.0884 5044 amdagp - ok
00:55:37.0884 5044 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
00:55:37.0884 5044 amdide - ok
00:55:37.0915 5044 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:55:37.0915 5044 AmdK8 - ok
00:55:37.0930 5044 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:55:37.0930 5044 AmdPPM - ok
00:55:37.0962 5044 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:55:37.0962 5044 amdsata - ok
00:55:37.0977 5044 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:55:37.0977 5044 amdsbs - ok
00:55:37.0993 5044 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:55:37.0993 5044 amdxata - ok
00:55:38.0040 5044 [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
00:55:38.0040 5044 ApfiltrService - ok
00:55:38.0086 5044 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
00:55:38.0086 5044 AppID - ok
00:55:38.0118 5044 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:55:38.0118 5044 AppIDSvc - ok
00:55:38.0149 5044 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
00:55:38.0149 5044 Appinfo - ok
00:55:38.0180 5044 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
00:55:38.0180 5044 AppMgmt - ok
00:55:38.0227 5044 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
00:55:38.0227 5044 arc - ok
00:55:38.0258 5044 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:55:38.0258 5044 arcsas - ok
00:55:38.0274 5044 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:55:38.0274 5044 AsyncMac - ok
00:55:38.0305 5044 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
00:55:38.0305 5044 atapi - ok
00:55:38.0367 5044 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:55:38.0367 5044 AudioEndpointBuilder - ok
00:55:38.0414 5044 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:55:38.0414 5044 Audiosrv - ok
00:55:38.0445 5044 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:55:38.0445 5044 AxInstSV - ok
00:55:38.0492 5044 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
00:55:38.0492 5044 b06bdrv - ok
00:55:38.0539 5044 [ 0B92CCF7BFCBE2B33838434F2F50CB61 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
00:55:38.0554 5044 b57nd60x - ok
00:55:38.0586 5044 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
00:55:38.0586 5044 BDESVC - ok
00:55:38.0601 5044 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
00:55:38.0601 5044 Beep - ok
00:55:38.0648 5044 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
00:55:38.0664 5044 BFE - ok
00:55:38.0710 5044 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
00:55:38.0742 5044 BITS - ok
00:55:38.0757 5044 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:55:38.0757 5044 blbdrive - ok
00:55:38.0788 5044 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:55:38.0788 5044 bowser - ok
00:55:38.0820 5044 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:55:38.0820 5044 BrFiltLo - ok
00:55:38.0835 5044 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:55:38.0835 5044 BrFiltUp - ok
00:55:38.0882 5044 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
00:55:38.0898 5044 BridgeMP - ok
00:55:38.0944 5044 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
00:55:38.0944 5044 Browser - ok
00:55:39.0007 5044 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:55:39.0069 5044 Brserid - ok
00:55:39.0100 5044 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:55:39.0132 5044 BrSerWdm - ok
00:55:39.0178 5044 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:55:39.0178 5044 BrUsbMdm - ok
00:55:39.0194 5044 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:55:39.0210 5044 BrUsbSer - ok
00:55:39.0256 5044 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:55:39.0256 5044 BthEnum - ok
00:55:39.0272 5044 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:55:39.0272 5044 BTHMODEM - ok
00:55:39.0303 5044 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:55:39.0319 5044 BthPan - ok
00:55:39.0350 5044 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:55:39.0366 5044 BTHPORT - ok
00:55:39.0397 5044 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
00:55:39.0397 5044 bthserv - ok
00:55:39.0444 5044 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:55:39.0444 5044 BTHUSB - ok
00:55:39.0537 5044 catchme - ok
00:55:39.0553 5044 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:55:39.0568 5044 cdfs - ok
00:55:39.0600 5044 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
00:55:39.0600 5044 cdrom - ok
00:55:39.0662 5044 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
00:55:39.0662 5044 CertPropSvc - ok
00:55:39.0678 5044 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:55:39.0693 5044 circlass - ok
00:55:39.0724 5044 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
00:55:39.0724 5044 CLFS - ok
00:55:39.0818 5044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:55:39.0818 5044 clr_optimization_v2.0.50727_32 - ok
00:55:39.0927 5044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:55:39.0958 5044 clr_optimization_v4.0.30319_32 - ok
00:55:39.0974 5044 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:55:39.0974 5044 CmBatt - ok
00:55:40.0021 5044 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:55:40.0021 5044 cmdide - ok
00:55:40.0068 5044 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
00:55:40.0068 5044 CNG - ok
00:55:40.0099 5044 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:55:40.0099 5044 Compbatt - ok
00:55:40.0146 5044 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:55:40.0146 5044 CompositeBus - ok
00:55:40.0161 5044 COMSysApp - ok
00:55:40.0192 5044 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:55:40.0192 5044 crcdisk - ok
00:55:40.0239 5044 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:55:40.0239 5044 CryptSvc - ok
00:55:40.0302 5044 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
00:55:40.0317 5044 CSC - ok
00:55:40.0333 5044 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
00:55:40.0348 5044 CscService - ok
00:55:40.0380 5044 [ 8E1945984E147562F9F08E1D344A69CC ] CSRBC C:\Windows\system32\Drivers\csrbcxp.sys
00:55:40.0380 5044 CSRBC - ok
00:55:40.0411 5044 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
00:55:40.0426 5044 DcomLaunch - ok
00:55:40.0473 5044 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
00:55:40.0473 5044 defragsvc - ok
00:55:40.0536 5044 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:55:40.0582 5044 DfsC - ok
00:55:40.0629 5044 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
00:55:40.0629 5044 Dhcp - ok
00:55:40.0660 5044 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
00:55:40.0660 5044 discache - ok
00:55:40.0692 5044 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:55:40.0692 5044 Disk - ok
00:55:40.0723 5044 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:55:40.0723 5044 Dnscache - ok
00:55:40.0770 5044 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
00:55:40.0770 5044 dot3svc - ok
00:55:40.0801 5044 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
00:55:40.0816 5044 DPS - ok
00:55:40.0848 5044 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:55:40.0863 5044 drmkaud - ok
00:55:40.0894 5044 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:55:40.0910 5044 DXGKrnl - ok
00:55:40.0941 5044 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
00:55:40.0941 5044 EapHost - ok
00:55:41.0066 5044 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
00:55:41.0144 5044 ebdrv - ok
00:55:41.0175 5044 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
00:55:41.0175 5044 EFS - ok
00:55:41.0238 5044 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:55:41.0269 5044 ehRecvr - ok
00:55:41.0284 5044 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
00:55:41.0300 5044 ehSched - ok
00:55:41.0347 5044 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:55:41.0362 5044 elxstor - ok
00:55:41.0394 5044 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:55:41.0409 5044 ErrDev - ok
00:55:41.0456 5044 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
00:55:41.0472 5044 EventSystem - ok
00:55:41.0581 5044 [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:55:41.0612 5044 EvtEng - ok
00:55:41.0643 5044 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
00:55:41.0643 5044 exfat - ok
00:55:41.0659 5044 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:55:41.0659 5044 fastfat - ok
00:55:41.0721 5044 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
00:55:41.0752 5044 Fax - ok
00:55:41.0768 5044 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:55:41.0768 5044 fdc - ok
00:55:41.0799 5044 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
00:55:41.0799 5044 fdPHost - ok
00:55:41.0799 5044 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
00:55:41.0799 5044 FDResPub - ok
00:55:41.0815 5044 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:55:41.0815 5044 FileInfo - ok
00:55:41.0830 5044 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:55:41.0830 5044 Filetrace - ok
00:55:41.0924 5044 [ 886293515B0C9CDD0DE967A6B8DCE90E ] FlipShare Service C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
00:55:41.0940 5044 FlipShare Service - ok
00:55:41.0955 5044 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:55:41.0955 5044 flpydisk - ok
00:55:42.0002 5044 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:55:42.0002 5044 FltMgr - ok
00:55:42.0049 5044 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
00:55:42.0080 5044 FontCache - ok
00:55:42.0142 5044 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:55:42.0142 5044 FontCache3.0.0.0 - ok
00:55:42.0158 5044 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:55:42.0158 5044 FsDepends - ok
00:55:42.0205 5044 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:55:42.0205 5044 fssfltr - ok
00:55:42.0314 5044 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:55:42.0376 5044 fsssvc - ok
00:55:42.0423 5044 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:55:42.0423 5044 Fs_Rec - ok
00:55:42.0454 5044 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:55:42.0454 5044 fvevol - ok
00:55:42.0486 5044 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:55:42.0501 5044 gagp30kx - ok
00:55:42.0532 5044 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
00:55:42.0548 5044 gpsvc - ok
00:55:42.0579 5044 [ F058C5F64DFF28A2C8D7D1D04171E604 ] guardian2 C:\Windows\system32\Drivers\oz776.sys
00:55:42.0595 5044 guardian2 - ok
00:55:42.0595 5044 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:55:42.0610 5044 hcw85cir - ok
00:55:42.0657 5044 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:55:42.0657 5044 HdAudAddService - ok
00:55:42.0673 5044 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:55:42.0688 5044 HDAudBus - ok
00:55:42.0704 5044 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:55:42.0704 5044 HidBatt - ok
00:55:42.0704 5044 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:55:42.0720 5044 HidBth - ok
00:55:42.0720 5044 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:55:42.0735 5044 HidIr - ok
00:55:42.0766 5044 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
00:55:42.0766 5044 hidserv - ok
00:55:42.0829 5044 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:55:42.0829 5044 HidUsb - ok
00:55:42.0876 5044 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:55:42.0876 5044 hkmsvc - ok
00:55:42.0922 5044 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:55:42.0922 5044 HomeGroupListener - ok
00:55:42.0969 5044 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:55:42.0969 5044 HomeGroupProvider - ok
00:55:43.0016 5044 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:55:43.0016 5044 HpSAMD - ok
00:55:43.0078 5044 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:55:43.0078 5044 HTTP - ok
00:55:43.0125 5044 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:55:43.0125 5044 hwpolicy - ok
00:55:43.0172 5044 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:55:43.0172 5044 i8042prt - ok
00:55:43.0203 5044 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:55:43.0219 5044 iaStorV - ok
00:55:43.0281 5044 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:55:43.0297 5044 idsvc - ok
00:55:43.0328 5044 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:55:43.0328 5044 iirsp - ok
00:55:43.0390 5044 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
00:55:43.0406 5044 IKEEXT - ok
00:55:43.0453 5044 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
00:55:43.0453 5044 intelide - ok
00:55:43.0484 5044 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:55:43.0484 5044 intelppm - ok
00:55:43.0515 5044 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:55:43.0515 5044 IPBusEnum - ok
00:55:43.0531 5044 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:55:43.0531 5044 IpFilterDriver - ok
00:55:43.0562 5044 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:55:43.0578 5044 iphlpsvc - ok
00:55:43.0609 5044 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:55:43.0624 5044 IPMIDRV - ok
00:55:43.0640 5044 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:55:43.0640 5044 IPNAT - ok
00:55:43.0671 5044 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:55:43.0671 5044 IRENUM - ok
00:55:43.0687 5044 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:55:43.0687 5044 isapnp - ok
00:55:43.0702 5044 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:55:43.0702 5044 iScsiPrt - ok
00:55:43.0734 5044 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:55:43.0734 5044 kbdclass - ok
00:55:43.0765 5044 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:55:43.0765 5044 kbdhid - ok
00:55:43.0780 5044 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
00:55:43.0780 5044 KeyIso - ok
00:55:43.0812 5044 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:55:43.0812 5044 KSecDD - ok
00:55:43.0858 5044 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:55:43.0858 5044 KSecPkg - ok
00:55:43.0890 5044 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
00:55:43.0905 5044 KtmRm - ok
00:55:43.0936 5044 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
00:55:43.0952 5044 LanmanServer - ok
00:55:43.0983 5044 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:55:43.0983 5044 LanmanWorkstation - ok
00:55:44.0139 5044 [ 27B7970EB674F0404486DAADE066EAC0 ] LANrev Agent C:\Program Files\Pole Position Software\LANrevAgent\LANrev Agent.exe
00:55:44.0202 5044 LANrev Agent - ok
00:55:44.0326 5044 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:55:44.0326 5044 lltdio - ok
00:55:44.0373 5044 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:55:44.0373 5044 lltdsvc - ok
00:55:44.0389 5044 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
00:55:44.0389 5044 lmhosts - ok
00:55:44.0420 5044 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:55:44.0420 5044 LSI_FC - ok
00:55:44.0436 5044 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:55:44.0436 5044 LSI_SAS - ok
00:55:44.0451 5044 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:55:44.0451 5044 LSI_SAS2 - ok
00:55:44.0467 5044 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:55:44.0467 5044 LSI_SCSI - ok
00:55:44.0482 5044 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
00:55:44.0482 5044 luafv - ok
00:55:44.0514 5044 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:55:44.0514 5044 MBAMProtector - ok
00:55:44.0592 5044 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:55:44.0592 5044 MBAMScheduler - ok
00:55:44.0638 5044 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:55:44.0654 5044 MBAMService - ok
00:55:44.0685 5044 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:55:44.0685 5044 Mcx2Svc - ok
00:55:44.0716 5044 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:55:44.0716 5044 megasas - ok
00:55:44.0748 5044 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:55:44.0763 5044 MegaSR - ok
00:55:44.0826 5044 Microsoft SharePoint Workspace Audit Service - ok
00:55:44.0857 5044 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
00:55:44.0857 5044 MMCSS - ok
00:55:44.0872 5044 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
00:55:44.0872 5044 Modem - ok
00:55:44.0888 5044 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:55:44.0888 5044 monitor - ok
00:55:44.0919 5044 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:55:44.0919 5044 mouclass - ok
00:55:44.0950 5044 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:55:44.0950 5044 mouhid - ok
00:55:44.0982 5044 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:55:44.0982 5044 mountmgr - ok
00:55:45.0044 5044 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:55:45.0044 5044 MpFilter - ok
00:55:45.0138 5044 [ 7A76658FC8D02408C4DC09F36535FCE9 ] mpich2_smpd C:\MPICH2\bin\smpd.exe
00:55:45.0278 5044 mpich2_smpd - ok
00:55:45.0309 5044 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
00:55:45.0309 5044 mpio - ok
00:55:45.0450 5044 [ A69630D039C38018689190234F866D77 ] MpKsl733b1b96 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B05CF169-720F-4A62-894B-2FAD6332F600}\MpKsl733b1b96.sys
00:55:45.0450 5044 MpKsl733b1b96 - ok
00:55:45.0481 5044 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:55:45.0481 5044 mpsdrv - ok
00:55:45.0528 5044 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:55:45.0559 5044 MpsSvc - ok
00:55:45.0590 5044 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:55:45.0590 5044 MRxDAV - ok
00:55:45.0652 5044 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:55:45.0652 5044 mrxsmb - ok
00:55:45.0684 5044 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:55:45.0699 5044 mrxsmb10 - ok
00:55:45.0715 5044 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:55:45.0715 5044 mrxsmb20 - ok
00:55:45.0730 5044 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
00:55:45.0730 5044 msahci - ok
00:55:45.0777 5044 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:55:45.0777 5044 msdsm - ok
00:55:45.0793 5044 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
00:55:45.0793 5044 MSDTC - ok
00:55:45.0824 5044 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:55:45.0824 5044 Msfs - ok
00:55:45.0840 5044 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:55:45.0840 5044 mshidkmdf - ok
00:55:45.0855 5044 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:55:45.0855 5044 msisadrv - ok
00:55:45.0902 5044 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:55:45.0902 5044 MSiSCSI - ok
00:55:45.0902 5044 msiserver - ok
00:55:45.0933 5044 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:55:45.0933 5044 MSKSSRV - ok
00:55:45.0980 5044 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:55:45.0996 5044 MsMpSvc - ok
00:55:46.0011 5044 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:55:46.0011 5044 MSPCLOCK - ok
00:55:46.0027 5044 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:55:46.0027 5044 MSPQM - ok
00:55:46.0058 5044 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:55:46.0058 5044 MsRPC - ok
00:55:46.0089 5044 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:55:46.0089 5044 mssmbios - ok
00:55:46.0105 5044 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:55:46.0105 5044 MSTEE - ok
00:55:46.0120 5044 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:55:46.0120 5044 MTConfig - ok
00:55:46.0136 5044 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
00:55:46.0136 5044 Mup - ok
00:55:46.0183 5044 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
00:55:46.0214 5044 napagent - ok
00:55:46.0261 5044 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:55:46.0261 5044 NativeWifiP - ok
00:55:46.0323 5044 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:55:46.0354 5044 NDIS - ok
00:55:46.0370 5044 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:55:46.0370 5044 NdisCap - ok
00:55:46.0401 5044 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:55:46.0401 5044 NdisTapi - ok
00:55:46.0448 5044 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:55:46.0448 5044 Ndisuio - ok
00:55:46.0495 5044 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:55:46.0495 5044 NdisWan - ok
00:55:46.0542 5044 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:55:46.0542 5044 NDProxy - ok
00:55:46.0573 5044 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:55:46.0573 5044 NetBIOS - ok
00:55:56.0994 5044 ================ Scan global ===============================
00:55:57.0025 5044 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
00:55:57.0072 5044 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
00:55:57.0103 5044 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
00:55:57.0134 5044 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
00:55:57.0150 5044 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
00:55:57.0165 5044 [Global] - ok
00:55:57.0165 5044 ================ Scan MBR ==================================
00:55:57.0165 5044 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:55:57.0337 5044 \Device\Harddisk0\DR0 - ok
00:55:57.0337 5044 ================ Scan VBR ==================================
00:55:57.0337 5044 [ 46A8136CC70F63A2D28978204351E8D3 ] \Device\Harddisk0\DR0\Partition1
00:55:57.0352 5044 \Device\Harddisk0\DR0\Partition1 - ok
00:55:57.0368 5044 [ 1DA1ABE8049ED6ED49C274A2E7995CDA ] \Device\Harddisk0\DR0\Partition2
00:55:57.0368 5044 \Device\Harddisk0\DR0\Partition2 - ok
00:55:57.0368 5044 ============================================================
00:55:57.0368 5044 Scan finished
00:55:57.0368 5044 ============================================================
00:55:57.0384 5480 Detected object count: 0
00:55:57.0384 5480 Actual detected object count: 0
00:56:42.0202 4864 Deinitialize success

#6 Conspire

  • Malware Response Team

Posted 29 September 2012 - 12:40 PM

Hello,

The .dat file extension is restricted for file attachments. You have to right-click that file and select Send To > Compressed (zipped) file.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#7 auriga

  • Topic Starter

Posted 29 September 2012 - 12:56 PM

Thanks Conspire! Attached is the compressed MBR.dat file.

Attached Files

  • Attached File  MBR.zip   559bytes   1 downloads


#8 Conspire

  • Malware Response Team

Posted 29 September 2012 - 09:43 PM

You're welcome. :)

Download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#9 auriga

  • Topic Starter

Posted 01 October 2012 - 10:38 AM

Thanks Conspire! I have downloaded the Farbar software and will send the results of the scan by Tuesday.

#10 Conspire

  • Malware Response Team

Posted 01 October 2012 - 11:39 PM

:thumbup2:

#11 auriga

  • Topic Starter

Posted 02 October 2012 - 01:25 AM

Here is the log from farbar.exe:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2012 01
Ran by SYSTEM at 02-10-2012 00:29:26
Running from F:\
Windows 7 Enterprise (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [LANrevHelperInstall] C:\Program Files\Pole Position Software\LANrevAgent\LANrevAgentInstallerHelper.exe [700416 2011-07-25] (Pole Position Software GmbH)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKU\ra25572\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\ra25572\...\Run: [Google Update] "C:\Users\ra25572\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-20] (Google Inc.)
HKU\ra25572\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\ra25572\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKU\ra25572\...\Run: [Adobe] rundll32.exe "C:\Users\ra25572\AppData\Local\Apps\Adobe\uhnlvpwm.dll",DllRegisterServerW [445952 2012-09-11] (Microsoft Corporation)
HKU\ra25572\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin [239776 2011-05-16] (Adobe Systems, Inc.)
HKU\ra25572\...\Winlogon: [Shell] explorer.exe [x]
Winlogon\Notify\LANrevNotificationModule: C:\Program Files\Pole Position Software\LANrevAgent\NotificationModule.dll [X]
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\ra25572\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 FlipShare Service; "C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe" [439616 2008-11-13] ()
2 LANrev Agent; "C:\Program Files\Pole Position Software\LANrevAgent\LANrev Agent.exe" [2248704 2011-07-25] (Pole Position Software GmbH)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 mpich2_smpd; "C:\MPICH2\bin\smpd.exe" [483328 2011-09-01] (Argonne National Lab)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [31744 2007-01-16] (CSR, plc)
3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 catchme; \??\C:\Users\RITU-A~1\AppData\Local\Temp\catchme.sys [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-01 07:21 - 2012-10-01 07:21 - 00000000 ____D C:\Users\ritu-admin\AppData\Local\CutePDF Writer
2012-09-28 22:12 - 2012-09-28 21:52 - 00000512 ____A C:\Users\ritu-admin\Downloads\MBR.dat
2012-09-28 22:10 - 2012-09-28 22:12 - 00000000 ____D C:\Users\ritu-admin\Downloads\BleepingComputer
2012-09-28 21:54 - 2012-09-28 21:55 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\ritu-admin\Downloads\tdsskiller.exe
2012-09-28 21:52 - 2012-09-28 21:52 - 00002077 ____A C:\Users\ritu-admin\Downloads\aswMBR.txt
2012-09-28 20:57 - 2012-09-28 20:57 - 04731392 ____A (AVAST Software) C:\Users\ritu-admin\Downloads\aswMBR.exe
2012-09-28 07:08 - 2012-09-28 07:09 - 00000000 ____D C:\Users\ra25572\AppData\Local\{4E4A62E0-FDB9-4840-AAF0-150AAFF25EBB}
2012-09-27 17:42 - 2012-09-27 17:42 - 00000000 ____D C:\Users\ra25572\AppData\Local\{9ECE7CFB-B6C6-4409-9550-975AB9F7BF83}
2012-09-26 16:15 - 2012-09-27 05:41 - 00000000 ____D C:\Users\ra25572\AppData\Local\{40E7A445-987C-4CBD-A571-0539635E3132}
2012-09-25 17:28 - 2012-08-21 12:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 07:08 - 2012-09-25 07:08 - 00000000 ____D C:\Users\ra25572\AppData\Local\{CBB0923E-99BF-4D3E-BA13-DA66D546A420}
2012-09-24 05:31 - 2012-09-24 05:31 - 00000000 ____D C:\Users\ra25572\AppData\Local\{9921AD3B-296A-4F26-8B6F-0378FB35AAD9}
2012-09-23 18:20 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 18:20 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 18:20 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 18:20 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 18:20 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 18:19 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 18:19 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 18:19 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 18:19 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 18:19 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 18:19 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 18:19 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 18:19 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 18:19 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 18:19 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 18:19 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 07:18 - 2012-09-22 07:19 - 00000000 ____D C:\Users\ra25572\AppData\Local\{A4AF8DC6-81F3-48E8-B1BE-AD135B4BD3E4}
2012-09-21 21:06 - 2012-09-21 21:09 - 39217564 ____A C:\Users\ra25572\Downloads\openmx3.6.tar.gz
2012-09-21 16:30 - 2012-09-21 16:30 - 00000000 ____D C:\Users\ra25572\AppData\Local\{78DF802A-C43A-4B41-9780-F826EE687C92}
2012-09-20 13:26 - 2012-09-20 12:58 - 00000290 ____A C:\Users\ra25572\Desktop\ritu-arora-hw1.tar
2012-09-20 13:00 - 2012-09-20 12:59 - 00000632 ____A C:\Users\ra25572\Desktop\ritu-arora-hw1.tgz
2012-09-20 07:19 - 2012-09-20 07:19 - 00000000 ____D C:\Users\ra25572\AppData\Local\{6BF3A627-DDDE-4594-BB82-1757B24B1721}
2012-09-19 15:08 - 2012-09-19 15:08 - 00000000 ____D C:\Users\ra25572\AppData\Local\{26F69A14-5855-48F9-8517-4FD99C30F60C}
2012-09-19 12:18 - 2012-09-25 08:44 - 00000000 ____D C:\Users\ra25572\workspace2
2012-09-19 11:33 - 2012-09-19 11:48 - 00000000 ____D C:\Test_Fortran_Eclipse
2012-09-18 20:36 - 2012-09-18 20:37 - 00000000 ____D C:\Users\ra25572\AppData\Local\{5364A488-9855-4A81-8AC1-BABDEBBB550C}
2012-09-18 14:00 - 2012-09-18 14:00 - 00036056 ____A C:\Users\ritu-admin\Downloads\gmer.log
2012-09-18 10:29 - 2012-09-18 10:29 - 00000000 ____D C:\Users\ritu-admin\AppData\Local\Adobe
2012-09-18 09:46 - 2012-09-18 11:02 - 00000000 ____D C:\Users\ritu-admin\AppData\Roaming\SSH
2012-09-17 23:09 - 2012-09-17 23:09 - 00020720 ____A C:\Users\ritu-admin\Downloads\Attach.txt
2012-09-17 23:09 - 2012-09-17 23:09 - 00012118 ____A C:\Users\ritu-admin\Downloads\DDS.txt
2012-09-17 22:45 - 2012-09-17 22:45 - 00607260 ____R (Swearware) C:\Users\ritu-admin\Downloads\dds.com
2012-09-17 19:57 - 2012-09-17 19:57 - 00000000 ____D C:\Users\ra25572\AppData\Local\{7A0DBD92-DDA0-4F45-BFED-654054991FCA}
2012-09-17 14:17 - 2012-09-17 14:17 - 00000482 ____A C:\Users\ritu-admin\Desktop\defogger_disable.log
2012-09-17 14:17 - 2012-09-17 14:17 - 00000000 ____A C:\Users\ritu-admin\defogger_reenable
2012-09-17 14:16 - 2012-09-17 14:17 - 00050477 ____A C:\Users\ritu-admin\Downloads\Defogger.exe
2012-09-17 12:03 - 2012-09-17 12:05 - 00302592 ____A C:\Users\ra25572\Downloads\l819d35r.exe
2012-09-17 10:11 - 2012-09-17 10:11 - 00012670 ____A C:\ComboFix.txt
2012-09-17 09:57 - 2012-09-17 10:11 - 00000000 ____D C:\ComboFix
2012-09-17 09:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-17 09:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-17 09:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-17 09:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-17 09:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-17 09:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-17 09:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-17 09:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-17 09:46 - 2012-09-17 10:11 - 00000000 ____D C:\Qoobox
2012-09-17 09:45 - 2012-09-17 10:10 - 00000000 ____D C:\Windows\erdnt
2012-09-17 09:38 - 2012-09-17 09:41 - 04751448 ____R (Swearware) C:\Users\ra25572\Downloads\ComboFix.exe
2012-09-17 08:00 - 2012-09-17 08:00 - 00001147 ____A C:\Users\ra25572\Desktop\Mozilla Firefox.lnk
2012-09-17 08:00 - 2012-09-17 08:00 - 00000000 ____D C:\Users\ra25572\AppData\Local\Mozilla Firefox
2012-09-17 07:59 - 2012-09-17 07:59 - 17790056 ____A (Mozilla) C:\Users\ra25572\Downloads\Firefox Setup 15.0.1.exe
2012-09-17 07:57 - 2012-09-17 07:57 - 00000000 ____D C:\Users\ra25572\AppData\Local\{4CB4E200-76DB-4ADB-91A0-840918A99E3D}
2012-09-17 07:52 - 2012-09-17 07:52 - 00000000 ____D C:\Users\tacc-rjt582-da\AppData\Local\Threat Expert
2012-09-17 07:50 - 2012-09-17 10:20 - 00005720 ____A C:\Windows\PFRO.log
2012-09-17 07:26 - 2012-09-17 07:26 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-17 07:26 - 2012-09-07 14:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-17 07:23 - 2012-09-17 07:23 - 00000000 ____D C:\Users\tacc-rjt582-da\Documents\RegRun2
2012-09-16 19:24 - 2012-09-16 19:24 - 00000000 ____D C:\Users\ra25572\AppData\Local\{0F162566-FA29-4D87-83AD-07850031EB13}
2012-09-15 13:11 - 2012-09-15 13:11 - 00000000 ____D C:\Users\ra25572\AppData\Local\{8BCBC681-D65E-402E-B970-6FFC29E83A79}
2012-09-15 01:14 - 2012-09-17 09:25 - 00023976 ____A C:\Windows\Partizan.log
2012-09-15 01:10 - 2012-09-15 01:10 - 00000000 ____D C:\Users\ra25572\AppData\Local\{0566204B-760B-4CF4-B5F8-ECED2156F5EB}
2012-09-15 01:09 - 2012-09-28 17:51 - 00002922 ____A C:\Windows\setupact.log
2012-09-15 01:09 - 2012-09-15 01:09 - 00000000 ____A C:\Windows\setuperr.log
2012-09-15 00:30 - 2012-09-15 00:32 - 00000000 ____D C:\CCleaner
2012-09-14 23:32 - 2012-09-14 23:32 - 00000000 ___RD C:\desktop.ini
2012-09-14 23:32 - 2012-09-14 23:32 - 00000000 ___RD C:\comment.htt
2012-09-14 23:08 - 2012-09-14 23:08 - 00000000 ____D C:\Windows\pss
2012-09-14 07:37 - 2012-09-14 07:38 - 00000000 ____D C:\Users\ra25572\AppData\Local\{2A66B63E-379F-4AE7-88DD-B2CFA6FD0702}
2012-09-13 21:07 - 2012-09-13 21:07 - 00000000 ___RD C:\Program Files\Skype
2012-09-13 21:07 - 2012-09-13 21:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-13 19:27 - 2012-09-13 19:28 - 00000000 ____D C:\Users\ra25572\AppData\Local\{576B7EB4-0C00-4E00-A763-4D83BF12852E}
2012-09-13 07:38 - 2012-09-13 08:29 - 00000000 ____D C:\Users\ra25572\Documents\RegRun2
2012-09-13 07:27 - 2012-09-13 07:27 - 00000000 ____D C:\Users\ra25572\AppData\Local\{FFE4E3A8-C5D7-49AD-8C6C-206FCAF6C4F5}
2012-09-13 03:26 - 2012-09-13 03:26 - 00000000 ____D C:\Users\ritu-admin\AppData\Roaming\Intel
2012-09-13 03:19 - 2012-09-13 03:19 - 00000000 ____D C:\Users\ritu-admin\AppData\Roaming\Helios
2012-09-13 03:16 - 2012-09-17 10:20 - 00000000 ____D C:\Program Files\PC Tools
2012-09-13 03:16 - 2012-09-17 10:20 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-09-13 03:16 - 2012-09-13 03:16 - 01433904 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-13 03:16 - 2012-06-22 12:34 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-09-13 03:14 - 2012-09-17 09:57 - 00000000 ____D C:\Users\All Users\PC Tools
2012-09-13 03:14 - 2012-09-13 03:14 - 00000000 ____D C:\Users\ritu-admin\AppData\Roaming\TestApp
2012-09-12 21:36 - 2012-09-12 21:36 - 00000000 ____D C:\Users\ritu-admin\AppData\Roaming\Mozilla
2012-09-12 21:36 - 2012-09-12 21:36 - 00000000 ____D C:\Users\ritu-admin\AppData\Local\Mozilla
2012-09-12 21:36 - 2012-09-12 21:36 - 00000000 ____A C:\Windows\nsreg.dat
2012-09-12 21:22 - 2012-09-17 09:13 - 00000264 ____A C:\Windows\System32\PARTIZAN.TXT
2012-09-12 21:20 - 2012-09-17 09:57 - 00000000 ____D C:\Users\All Users\RegRun
2012-09-12 21:20 - 2012-09-15 00:06 - 00000000 ____D C:\Users\ritu-admin\Documents\RegRun2
2012-09-12 21:20 - 2012-09-13 03:01 - 00000002 RASHOT C:\Windows\winstart.bat
2012-09-12 21:19 - 2012-09-17 09:58 - 00000000 ____D C:\Program Files\UnHackMe
2012-09-12 21:17 - 2012-09-12 21:18 - 12331432 ____A C:\Users\ritu-admin\Downloads\unhackme.zip
2012-09-12 17:20 - 2012-09-12 17:21 - 00000000 ____D C:\Users\ra25572\AppData\Local\{167F20B7-8730-45CC-8404-82151FE011F5}
2012-09-11 22:18 - 2012-09-11 22:18 - 00000000 ____D C:\Users\ra25572\AppData\Local\Apps\Adobe
2012-09-11 20:33 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 20:33 - 2012-08-22 09:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 20:33 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 20:33 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 20:33 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 20:33 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 20:28 - 2012-09-11 20:29 - 00000000 ____D C:\Users\ra25572\AppData\Local\{6F5E8351-DBC5-4E9E-9A85-26A721046D4F}
2012-09-11 07:42 - 2012-09-11 07:42 - 00000000 ____D C:\Users\ra25572\AppData\Local\{4FB6778E-3F74-4091-90F6-68CA36C30FC2}
2012-09-10 18:26 - 2012-09-10 18:26 - 00000000 ____D C:\Users\ra25572\AppData\Local\{1FF7A7D9-B1FB-411E-AA86-737F4450686F}
2012-09-07 14:18 - 2012-09-07 14:20 - 00000000 ____D C:\Users\ra25572\Documents\MIC
2012-09-07 14:17 - 2012-09-13 03:59 - 00000000 ____D C:\MIC
2012-09-07 07:10 - 2012-09-07 07:10 - 00000000 ____D C:\Users\ra25572\AppData\Local\{6FCB67F1-AA16-40E7-B8AD-97262C1D7930}
2012-09-06 07:13 - 2012-09-06 07:14 - 00000000 ____D C:\Users\ra25572\AppData\Local\{B1AA905B-DBD4-4EEE-B5F8-11217423C3E9}
2012-09-05 12:05 - 2012-09-05 12:05 - 00000000 ____D C:\Users\ra25572\AppData\Local\{6E995C77-C46F-4741-ABCC-0BED7683A5E2}
2012-09-04 08:40 - 2012-09-04 09:02 - 00013806 ____A C:\Users\ra25572\Documents\class-roster.xlsx
2012-09-04 07:06 - 2012-09-04 07:07 - 00000000 ____D C:\Users\ra25572\AppData\Local\{1E521901-3878-4348-BEA2-420890FE4EC4}
2012-09-02 09:34 - 2012-09-02 09:34 - 00000000 ____D C:\Users\ra25572\AppData\Local\{F79C22D1-8845-46C7-8FEB-0C71EBBCF68E}
2012-09-02 09:13 - 2012-09-02 09:13 - 00000000 ____D C:\Users\ra25572\AppData\Local\{681AC2E8-ECE8-4891-B5FE-4E62363C3F93}


==================== 3 Months Modified Files ==================

2012-10-01 21:22 - 2011-05-16 10:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-01 21:22 - 2011-05-16 09:31 - 01831741 ____A C:\Windows\WindowsUpdate.log
2012-10-01 21:03 - 2011-08-20 10:00 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-963894560-725345543-5562997UA.job
2012-10-01 19:22 - 2009-07-13 20:34 - 00012592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-01 19:22 - 2009-07-13 20:34 - 00012592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-01 08:00 - 2011-08-20 10:00 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-963894560-725345543-5562997Core.job
2012-09-30 19:54 - 2011-05-16 07:47 - 00729816 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-28 21:55 - 2012-09-28 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\ritu-admin\Downloads\tdsskiller.exe
2012-09-28 21:52 - 2012-09-28 22:12 - 00000512 ____A C:\Users\ritu-admin\Downloads\MBR.dat
2012-09-28 21:52 - 2012-09-28 21:52 - 00002077 ____A C:\Users\ritu-admin\Downloads\aswMBR.txt
2012-09-28 20:57 - 2012-09-28 20:57 - 04731392 ____A (AVAST Software) C:\Users\ritu-admin\Downloads\aswMBR.exe
2012-09-28 17:51 - 2012-09-15 01:09 - 00002922 ____A C:\Windows\setupact.log
2012-09-28 17:51 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-28 13:19 - 2011-05-16 11:46 - 00000624 ____A C:\Windows\System32\config\netlogon.ftl
2012-09-21 21:09 - 2012-09-21 21:06 - 39217564 ____A C:\Users\ra25572\Downloads\openmx3.6.tar.gz
2012-09-20 12:59 - 2012-09-20 13:00 - 00000632 ____A C:\Users\ra25572\Desktop\ritu-arora-hw1.tgz
2012-09-20 12:58 - 2012-09-20 13:26 - 00000290 ____A C:\Users\ra25572\Desktop\ritu-arora-hw1.tar
2012-09-18 14:00 - 2012-09-18 14:00 - 00036056 ____A C:\Users\ritu-admin\Downloads\gmer.log
2012-09-17 23:09 - 2012-09-17 23:09 - 00020720 ____A C:\Users\ritu-admin\Downloads\Attach.txt
2012-09-17 23:09 - 2012-09-17 23:09 - 00012118 ____A C:\Users\ritu-admin\Downloads\DDS.txt
2012-09-17 22:45 - 2012-09-17 22:45 - 00607260 ____R (Swearware) C:\Users\ritu-admin\Downloads\dds.com
2012-09-17 14:17 - 2012-09-17 14:17 - 00000482 ____A C:\Users\ritu-admin\Desktop\defogger_disable.log
2012-09-17 14:17 - 2012-09-17 14:17 - 00000000 ____A C:\Users\ritu-admin\defogger_reenable
2012-09-17 14:17 - 2012-09-17 14:16 - 00050477 ____A C:\Users\ritu-admin\Downloads\Defogger.exe
2012-09-17 12:05 - 2012-09-17 12:03 - 00302592 ____A C:\Users\ra25572\Downloads\l819d35r.exe
2012-09-17 10:20 - 2012-09-17 07:50 - 00005720 ____A C:\Windows\PFRO.log
2012-09-17 10:11 - 2012-09-17 10:11 - 00012670 ____A C:\ComboFix.txt
2012-09-17 10:08 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-09-17 09:41 - 2012-09-17 09:38 - 04751448 ____R (Swearware) C:\Users\ra25572\Downloads\ComboFix.exe
2012-09-17 09:25 - 2012-09-15 01:14 - 00023976 ____A C:\Windows\Partizan.log
2012-09-17 09:13 - 2012-09-12 21:22 - 00000264 ____A C:\Windows\System32\PARTIZAN.TXT
2012-09-17 08:00 - 2012-09-17 08:00 - 00001147 ____A C:\Users\ra25572\Desktop\Mozilla Firefox.lnk
2012-09-17 07:59 - 2012-09-17 07:59 - 17790056 ____A (Mozilla) C:\Users\ra25572\Downloads\Firefox Setup 15.0.1.exe
2012-09-17 07:26 - 2012-09-17 07:26 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-15 01:09 - 2012-09-15 01:09 - 00000000 ____A C:\Windows\setuperr.log
2012-09-13 21:07 - 2011-10-07 11:20 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-13 04:50 - 2009-07-13 20:53 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-13 03:16 - 2012-09-13 03:16 - 01433904 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-13 03:01 - 2012-09-12 21:20 - 00000002 RASHOT C:\Windows\winstart.bat
2012-09-13 03:01 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-09-13 03:01 - 2009-07-13 18:04 - 00001688 ____A C:\Windows\System32\autoexec.nt
2012-09-12 21:36 - 2012-09-12 21:36 - 00000000 ____A C:\Windows\nsreg.dat
2012-09-12 21:18 - 2012-09-12 21:17 - 12331432 ____A C:\Users\ritu-admin\Downloads\unhackme.zip
2012-09-12 06:54 - 2011-05-16 08:27 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-07 14:04 - 2012-09-17 07:26 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-04 09:02 - 2012-09-04 08:40 - 00013806 ____A C:\Users\ra25572\Documents\class-roster.xlsx
2012-08-30 19:03 - 2012-08-30 19:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 19:03 - 2010-10-24 18:25 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-27 13:08 - 2012-08-27 12:33 - 00076542 ____A C:\Users\ra25572\Documents\DIBBS.pptx
2012-08-23 23:27 - 2012-09-23 18:19 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-23 18:19 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-23 18:19 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-23 18:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 18:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-23 18:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-23 18:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-23 18:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-23 18:19 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:47 - 2012-09-23 18:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 18:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:44 - 2012-09-23 18:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:43 - 2012-09-23 18:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 18:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-22 09:16 - 2012-09-11 20:33 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 09:16 - 2012-09-11 20:33 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 09:16 - 2012-09-11 20:33 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 09:16 - 2012-09-11 20:33 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 12:12 - 2012-09-25 17:28 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-19 08:29 - 2012-08-19 08:29 - 00027520 ____A C:\Users\ritu-admin\AppData\Local\dt.dat
2012-08-16 07:09 - 2009-07-13 20:33 - 00340864 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-13 19:27 - 2012-08-13 19:26 - 22173560 ____A (IDM Computer Solutions, Inc.) C:\Users\ra25572\Downloads\uc_english.exe
2012-08-13 18:15 - 2012-08-13 18:14 - 32144384 ____A (IDM Computer Solutions, Inc.) C:\Users\ra25572\Downloads\ue_english.exe
2012-08-13 08:46 - 2012-08-13 08:46 - 06709224 ____A C:\Users\ra25572\Downloads\hypre-1.9.0b.tar.gz
2012-08-08 08:50 - 2012-08-08 08:50 - 00001003 ____A C:\Users\ra25572\Desktop\Dropbox.lnk
2012-08-08 08:47 - 2012-08-08 08:47 - 17798272 ____A (Dropbox, Inc.) C:\Users\ra25572\Downloads\Dropbox 1.4.12.exe
2012-08-02 17:37 - 2012-08-02 17:33 - 03879800 ____A (AVG Technologies) C:\Users\ra25572\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-02 08:57 - 2012-09-11 20:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-18 09:47 - 2012-08-15 05:11 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 22:37 - 2012-07-13 22:37 - 00000443 ____A C:\Users\ra25572\Downloads\Desktop.lnk
2012-07-06 11:23 - 2012-08-16 06:36 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-20 12:18:38
Restore point made on: 2012-09-23 18:19:09
Restore point made on: 2012-09-26 06:21:49
Restore point made on: 2012-09-29 09:08:37
Restore point made on: 2012-10-01 21:21:31

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2045.97 MB
Available physical RAM: 1625.47 MB
Total Pagefile: 2045.97 MB
Available Pagefile: 1631.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:50.96 GB) NTFS
3 Drive f: () (Removable) (Total:3.91 GB) (Free:3.82 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 4016 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4015 MB 180 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 4015 MB Healthy

=========================================================

Last Boot: 2012-09-15 21:00

==================== End Of Log ============================

#12 Conspire

  • Malware Response Team

Posted 02 October 2012 - 04:38 AM

Hi there,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *explorer*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

In your next reply, please post:
  • SystemLook log
  • AdwCleaner log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#13 auriga

  • Topic Starter

Posted 02 October 2012 - 02:03 PM

Thanks a lot for all the help, Conspire! Below are the logs that you asked me to paste.


******************* SystemLook Log **************************************************

SystemLook 30.07.11 by jpshortstuff
Log created at 13:40 on 02/10/2012 by ritu-admin
Administrator - Elevation successful

========== filefind ==========

Searching for "*explorer*"
C:\Program Files\Java\jdk1.6.0_25\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml --a---- 2939 bytes [21:39 20/05/2011] [21:39 20/05/2011] 76061C4ADB3043CAE3914CF68126A8DB
C:\Users\taccster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk --a---- 1413 bytes [15:36 16/05/2011] [15:36 16/05/2011] 0049C97F7D24B1EBE13AD6961AFF1C7B
C:\Users\taccster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk --a---- 1228 bytes [15:36 16/05/2011] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\taccster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 1413 bytes [15:36 16/05/2011] [18:00 16/05/2011] 7B29C3B406D273F09F40EF20B2BCF147
C:\Users\taccster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1228 bytes [15:36 16/05/2011] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\taccster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1463 bytes [15:36 16/05/2011] [18:00 16/05/2011] 7FF1A67A5A490EC09D078E7C412F5260
C:\Windows\explorer.exe --a---- 2616320 bytes [15:49 16/05/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\en-US\explorer.exe.mui --a---- 22016 bytes [04:54 14/07/2009] [02:06 14/07/2009] B9F4B1CA23D60775736059D72BA48526
C:\Windows\erdnt\cache\explorer.exe --a---- 2616320 bytes [18:10 17/09/2012] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\PolicyDefinitions\Explorer.admx --a---- 3836 bytes [21:56 13/07/2009] [21:34 10/06/2009] AD131A834808E6AFF4A3918DE05BFCF6
C:\Windows\PolicyDefinitions\GameExplorer.admx --a---- 2256 bytes [21:56 13/07/2009] [21:20 10/06/2009] 7223A757158F86DD27EC7D0D43C682AD
C:\Windows\PolicyDefinitions\WindowsExplorer.admx --a---- 35942 bytes [21:56 13/07/2009] [21:34 10/06/2009] 6BBA1E311D9D0E64713CFD0C6C74CBF4
C:\Windows\PolicyDefinitions\en-US\Explorer.adml --a---- 3695 bytes [04:54 14/07/2009] [02:07 14/07/2009] 7A4C7F3CB156543113596988479CAFCE
C:\Windows\PolicyDefinitions\en-US\GameExplorer.adml --a---- 1897 bytes [04:54 14/07/2009] [02:02 14/07/2009] 85EE206DDBF793929AC0467A02312D46
C:\Windows\PolicyDefinitions\en-US\WindowsExplorer.adml --a---- 48102 bytes [04:55 14/07/2009] [02:09 14/07/2009] 381BD4BC11B62CE13B187113D5C8B7F7
C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --a---- 190224 bytes [14:03 16/07/2012] [18:38 02/10/2012] F130CF5343B9A90E0A823049B9C34883
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~x86~en-US~6.1.7601.17514.cat --a---- 7716 bytes [18:50 16/05/2011] [14:36 20/11/2010] FDF85F28A840CCE4DFEE87CBFA94F75A
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~x86~en-US~6.1.7601.17514.mum --a---- 1583 bytes [18:50 16/05/2011] [14:14 20/11/2010] AD9E585C6287F506A0DD200883C46139
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~x86~~6.1.7601.17514.cat --a---- 7716 bytes [18:49 16/05/2011] [15:18 20/11/2010] 7ED8058157AC2B4D0BF71B2FDFC9E3D6
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~x86~~6.1.7601.17514.mum --a---- 1624 bytes [18:49 16/05/2011] [15:06 20/11/2010] 0809C710B02706D7A50C0783B83307CD
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 9069 bytes [04:56 14/07/2009] [03:22 14/07/2009] 0E6B0FDE58C3C62ADD13C4F93C6D0D41
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.mum --a---- 1497 bytes [04:56 14/07/2009] [02:10 14/07/2009] CCA4D02437C0F19CF6EE83A27FAA637C
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7601.17514.cat --a---- 10342 bytes [18:50 16/05/2011] [14:36 20/11/2010] E34D4C8338104471CE7347EA7F553BCC
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7601.17514.mum --a---- 1498 bytes [18:50 16/05/2011] [14:14 20/11/2010] 2796B4832DE7452877EF42A0B6DC4720
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~9.4.8112.16421.cat --a---- 8304 bytes [17:50 16/05/2011] [11:01 08/03/2011] 84751BB259731B7F54F624D4B2F9A4DE
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~9.4.8112.16421.mum --a---- 1497 bytes [17:50 16/05/2011] [11:00 08/03/2011] D8FDB566E16738A7988059BCF4D0F6B6
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 11092 bytes [04:49 14/07/2009] [02:19 14/07/2009] 68A67D61E67FDA8E35C5CEA51FB65C9B
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.mum --a---- 1497 bytes [04:49 14/07/2009] [20:45 13/07/2009] E55032CA3E031D551D70CD39BB0DBCEB
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17514.cat --a---- 14724 bytes [18:49 16/05/2011] [15:18 20/11/2010] D601897E701A33F948F57436DA8CE8CD
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17514.mum --a---- 1508 bytes [18:49 16/05/2011] [15:06 20/11/2010] 60AAE8C422E8363EA9AC2BFA9531933F
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~9.4.8112.16421.cat --a---- 10640 bytes [17:50 16/05/2011] [11:01 08/03/2011] 2A08839CF067563EB5BDE8B5064500F3
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~9.4.8112.16421.mum --a---- 1696 bytes [17:50 16/05/2011] [11:00 08/03/2011] DBA8EB5836859401CB040BBD355D04AF
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package-MiniLP~31bf3856ad364e35~x86~en-US~9.4.8112.16421.cat --a---- 7426 bytes [17:50 16/05/2011] [11:01 08/03/2011] 186C939FB9975564C1E2DC1020CA276D
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package-MiniLP~31bf3856ad364e35~x86~en-US~9.4.8112.16421.mum --a---- 1590 bytes [17:50 16/05/2011] [11:01 08/03/2011] F962BD5840C193460CD017BCEE045F24
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package-TopLevel~31bf3856ad364e35~x86~~9.4.8112.16421.cat --a---- 7426 bytes [17:50 16/05/2011] [11:01 08/03/2011] 21721212EF4B8D478C3D1C5AA0FA92F1
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package-TopLevel~31bf3856ad364e35~x86~~9.4.8112.16421.mum --a---- 1958 bytes [17:50 16/05/2011] [11:01 08/03/2011] 0357C19A408D90D3763D94A6358062D1
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 29335 bytes [04:56 14/07/2009] [03:22 14/07/2009] 173F1ACA71C7DF68639A5F521486B2AF
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.mum --a---- 1283 bytes [04:56 14/07/2009] [02:10 14/07/2009] 55A46C123A9970C413E685DF579805F8
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7601.17514.cat --a---- 31196 bytes [18:50 16/05/2011] [14:36 20/11/2010] 05A0193B40370E508EAA463844735D25
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7601.17514.mum --a---- 1303 bytes [18:50 16/05/2011] [14:14 20/11/2010] 2FDC8A1E26ADF8FA151E7162DE68843B
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~9.4.8112.16421.cat --a---- 34144 bytes [17:50 16/05/2011] [11:01 08/03/2011] ED183B491FE2D0D977E9EEE525231068
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~9.4.8112.16421.mum --a---- 2410 bytes [17:50 16/05/2011] [11:00 08/03/2011] 216D0761CE0897A292373696857E1827
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 145468 bytes [04:49 14/07/2009] [02:22 14/07/2009] 14B25D07EA66911EA244F17E435A9981
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7600.16385.mum --a---- 1244 bytes [04:49 14/07/2009] [20:45 13/07/2009] 7083A6AC19C07CFD5C36576E0825E23E
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7601.17514.cat --a---- 264831 bytes [18:49 16/05/2011] [15:18 20/11/2010] 2D3885DA4612C07B138E551B69EE5C0D
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7601.17514.mum --a---- 1268 bytes [18:49 16/05/2011] [15:06 20/11/2010] 835E09EFE39BEAA11CEB8686DC485C82
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~9.4.8112.16421.cat --a---- 7426 bytes [17:50 16/05/2011] [11:01 08/03/2011] 3B573B92B25FEF643C9A338F8D85DC1D
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~9.4.8112.16421.mum --a---- 1519 bytes [17:50 16/05/2011] [11:00 08/03/2011] 8A17110AEA71A38369FF1304ED1A4B1E
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.4.8112.16421.cat --a---- 208274 bytes [17:50 16/05/2011] [11:01 08/03/2011] E9657EFFF7FFB22994FA3401CB1831A0
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.4.8112.16421.mum --a---- 1936 bytes [17:50 16/05/2011] [11:00 08/03/2011] 3D026CE552C176A5DE0E81962688CA94
C:\Windows\System32\ExplorerFrame.dll --a---- 1493504 bytes [18:58 16/05/2011] [12:19 20/11/2010] E2A17BCC08D92F42E08AF6BA2F93ABA7
C:\Windows\System32\networkexplorer.dll --a---- 1661440 bytes [18:57 16/05/2011] [12:20 20/11/2010] 3D57FFBAD3ED16B63DE3879BAB0FB56F
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~x86~en-US~6.1.7601.17514.cat ----s-- 7716 bytes [18:50 16/05/2011] [14:36 20/11/2010] FDF85F28A840CCE4DFEE87CBFA94F75A
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~x86~~6.1.7601.17514.cat ----s-- 7716 bytes [18:49 16/05/2011] [15:18 20/11/2010] 7ED8058157AC2B4D0BF71B2FDFC9E3D6
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 9069 bytes [04:56 14/07/2009] [03:22 14/07/2009] 0E6B0FDE58C3C62ADD13C4F93C6D0D41
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7601.17514.cat ----s-- 10342 bytes [18:50 16/05/2011] [14:36 20/11/2010] E34D4C8338104471CE7347EA7F553BCC
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~9.4.8112.16421.cat ----s-- 8304 bytes [17:50 16/05/2011] [11:01 08/03/2011] 84751BB259731B7F54F624D4B2F9A4DE
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 11092 bytes [04:49 14/07/2009] [02:19 14/07/2009] 68A67D61E67FDA8E35C5CEA51FB65C9B
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17514.cat ----s-- 14724 bytes [18:49 16/05/2011] [15:18 20/11/2010] D601897E701A33F948F57436DA8CE8CD
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~9.4.8112.16421.cat ----s-- 10640 bytes [17:50 16/05/2011] [11:01 08/03/2011] 2A08839CF067563EB5BDE8B5064500F3
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package-MiniLP~31bf3856ad364e35~x86~en-US~9.4.8112.16421.cat ----s-- 7426 bytes [17:50 16/05/2011] [11:01 08/03/2011] 186C939FB9975564C1E2DC1020CA276D
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package-TopLevel~31bf3856ad364e35~x86~~9.4.8112.16421.cat ----s-- 7426 bytes [17:50 16/05/2011] [11:01 08/03/2011] 21721212EF4B8D478C3D1C5AA0FA92F1
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 29335 bytes [04:56 14/07/2009] [03:22 14/07/2009] 173F1ACA71C7DF68639A5F521486B2AF
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7601.17514.cat ----s-- 31196 bytes [18:50 16/05/2011] [14:36 20/11/2010] 05A0193B40370E508EAA463844735D25
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~9.4.8112.16421.cat ----s-- 34144 bytes [17:50 16/05/2011] [11:01 08/03/2011] ED183B491FE2D0D977E9EEE525231068
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 145468 bytes [04:49 14/07/2009] [02:22 14/07/2009] 14B25D07EA66911EA244F17E435A9981
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7601.17514.cat ----s-- 264831 bytes [18:49 16/05/2011] [15:18 20/11/2010] 2D3885DA4612C07B138E551B69EE5C0D
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~9.4.8112.16421.cat ----s-- 7426 bytes [17:50 16/05/2011] [11:01 08/03/2011] 3B573B92B25FEF643C9A338F8D85DC1D
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.4.8112.16421.cat ----s-- 208274 bytes [17:50 16/05/2011] [11:01 08/03/2011] E9657EFFF7FFB22994FA3401CB1831A0
C:\Windows\System32\en-US\explorerframe.dll.mui --a---- 18432 bytes [04:54 14/07/2009] [02:03 14/07/2009] BC486AFF277CD6AE2406FA1FE1B09D56
C:\Windows\System32\en-US\NetworkExplorer.dll.mui --a---- 6656 bytes [04:54 14/07/2009] [02:04 14/07/2009] 9701FCD12B3528411048A0D23A27A403
C:\Windows\System32\migwiz\dlmanifests\explorer-DL.man --a---- 2571 bytes [21:19 10/06/2009] [21:19 10/06/2009] 87354E386F0C6B4D1FD4D9301A468C76
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12749 bytes [20:44 13/07/2009] [02:11 02/07/2009] 4C0AF26AE7CB4A8231D81A3FF382FC05
C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-IE-InternetExplorer-repl.man --a---- 33037 bytes [20:44 13/07/2009] [02:11 02/07/2009] BC453CA6B054CC5BD5CD3579B244945D
C:\Windows\System32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms --a---- 3065 bytes [15:49 16/05/2011] [05:47 25/02/2011] 105767FBB2039774BADE7B91135812B2
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx --a---- 69632 bytes [17:29 16/05/2011] [17:32 16/05/2011] 3005BF77BE61352439226A291762BB1A
C:\Windows\winsxs\Backup\x86_microsoft-windows-e..orerframe.resources_31bf3856ad364e35_6.1.7600.16385_en-us_534f06a653f639de_explorerframe.dll.mui_074caeb5 --a---- 18432 bytes [04:56 14/07/2009] [04:56 14/07/2009] BC486AFF277CD6AE2406FA1FE1B09D56
C:\Windows\winsxs\Backup\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7601.17514_none_c484734ed212ffe5.manifest --a---- 46850 bytes [19:15 16/05/2011] [19:09 16/05/2011] 311A3BE1616D33B5E7C4ACA165559153
C:\Windows\winsxs\Backup\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7601.17514_none_c484734ed212ffe5_explorerframe.dll_f3ae0f78 --a---- 1493504 bytes [19:15 16/05/2011] [19:09 16/05/2011] E2A17BCC08D92F42E08AF6BA2F93ABA7
C:\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms --a---- 4480 bytes [02:19 14/07/2009] [02:20 24/09/2012] 0ABA7BA3F7F0BC58F82743C01E473D3E
C:\Windows\winsxs\FileMaps\program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms --a---- 2924 bytes [04:56 14/07/2009] [17:50 16/05/2011] 211299D316A60FAB21332CF40BE88CF4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-e..orkexplorersettings_31bf3856ad364e35_6.1.7600.16385_none_b10b3efc38367506.manifest --a---- 4276 bytes [01:49 14/07/2009] [01:44 14/07/2009] 254998FE06214E791BAB8F9489C10741
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065.manifest --a---- 2146 bytes [04:54 14/07/2009] [02:28 14/07/2009] A7A71DBDBB58D2B9A16B53112AA6CB98
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16385_none_c2535f86d5247c4b.manifest --a---- 46850 bytes [02:03 14/07/2009] [01:53 14/07/2009] C3A3A05890BEFE40188AADD02C4E4F5C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none_c292442cd4f5996c.manifest ------- 46850 bytes [15:47 16/05/2011] [05:58 26/06/2010] 648CE426292B686D97871E68461C9E31
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.20743_none_c306411fee237118.manifest ------- 46850 bytes [15:47 16/05/2011] [05:45 26/06/2010] B45E04001558D03007D30DC4DC0AD883
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7601.17514_none_c484734ed212ffe5.manifest ------- 46850 bytes [18:41 16/05/2011] [10:07 20/11/2010] 311A3BE1616D33B5E7C4ACA165559153
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430.manifest --a---- 98185 bytes [02:03 14/07/2009] [01:47 14/07/2009] 429C0097C3A7DDF7254FBA9263AA2DE3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878.manifest ------- 98185 bytes [15:46 16/05/2011] [12:20 03/08/2009] B86A48DDFFE3CC3CC4AA6B334BD64D82
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1.manifest ------- 98185 bytes [15:48 16/05/2011] [06:15 31/10/2009] AC479F402AC458C10DEE76E8DBF451C7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef.manifest ------- 98185 bytes [15:47 16/05/2011] [06:05 26/02/2011] DC1059B0B50B90E0239C395BD02D1FBD
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6.manifest ------- 98185 bytes [15:46 16/05/2011] [12:32 03/08/2009] 12E81217DB91BAE7971963D27049513D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691.manifest ------- 98185 bytes [15:48 16/05/2011] [08:05 31/10/2009] D1D11ECF39A765A450370B6B997A03D4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373.manifest ------- 98185 bytes [15:47 16/05/2011] [06:20 26/02/2011] 2AFE1FA364010010105E5237B16D3333
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca.manifest ------- 98140 bytes [18:41 16/05/2011] [10:27 20/11/2010] 3CE4B7FFD6BFE4753C59DCAF988C89F4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84.manifest ------- 98185 bytes [15:47 16/05/2011] [06:00 25/02/2011] B453455E200DDA187DDD8352D9B10DE3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc.manifest ------- 98185 bytes [15:47 16/05/2011] [05:51 26/02/2011] 955AA97697C5FD659DCF8E62C7D2434A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer-adm_31bf3856ad364e35_6.1.7600.16385_none_56dbccbc86b1ad11.manifest --a---- 2767 bytes [01:52 14/07/2009] [01:52 14/07/2009] 9F9F777D765F485BB6603536A20714E4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e7baabfd05e5435.manifest --a---- 2959 bytes [04:54 14/07/2009] [02:28 14/07/2009] 6806DF6BEBECA9FE94ACC9A25BA8D454
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7600.16385_none_41d6a532229096ec.manifest --a---- 41579 bytes [01:55 14/07/2009] [01:55 14/07/2009] 4340A5853875D9BD8F3462A3664165B2
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7601.17514_none_4407b8fa1f7f1a86.manifest ------- 41534 bytes [18:41 16/05/2011] [10:27 20/11/2010] 8227BC324CB009C17E3BF2930B336F63
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2.manifest --a---- 43816 bytes [01:58 14/07/2009] [01:58 14/07/2009] 3BA1D40362755D9F511915CD8FED4C0D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_b35da16e860a2bd3.manifest ------- 43816 bytes [15:47 16/05/2011] [06:11 24/02/2011] 6354E356464F393E57FA4DC6D3720254
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_b42a203b9ef553cc.manifest ------- 43816 bytes [15:47 16/05/2011] [06:27 24/02/2011] 6B5EA04638F1D1FF8A032F7D59F333F1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c.manifest ------- 43816 bytes [18:41 16/05/2011] [10:11 20/11/2010] 029BCD06D2D83C9AF08F8AF953E3C986
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949.manifest ------- 58293 bytes [17:50 16/05/2011] [17:50 16/05/2011] 0166BD2DC47DD4CCBCA868B6889194A2
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde.manifest ------- 58670 bytes [00:45 18/06/2012] [23:54 17/05/2012] 301C623CC4158112D35CE0AEEFB885CB
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_b12660fbc816e935.manifest ------- 58670 bytes [14:22 13/07/2012] [09:48 02/06/2012] 73120E5B60670C20B3BBBE1A909D8388
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_b1276145c816028c.manifest ------- 58670 bytes [14:35 16/08/2012] [01:42 29/06/2012] 5348D3E091B732BA45647947915554C3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_b1148f09c82553c5.manifest ------- 58670 bytes [02:19 24/09/2012] [07:56 24/08/2012] CBED27B63D927B308A335FCBA8A7BD6D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6.manifest ------- 58670 bytes [00:45 18/06/2012] [23:21 17/05/2012] BF5BED58DA0EDCB1C5D32910833C90F6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_b1a12cb2e1403f94.manifest ------- 58670 bytes [14:22 13/07/2012] [09:20 02/06/2012] 104C072818B1D11C768E799E07A769CA
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_b1a22cfce13f58eb.manifest ------- 58670 bytes [14:35 16/08/2012] [00:06 29/06/2012] E03026D1698F8E38E904453DCE8C60A8
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_b1a52ddae13ca4f0.manifest ------- 58670 bytes [02:19 24/09/2012] [08:03 24/08/2012] 7B6D2F8012762E4130627EB3EB6FB360
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..explorer-deployment_31bf3856ad364e35_8.0.7600.16385_none_6857ecc1f16095bc.manifest --a---- 19130 bytes [04:48 14/07/2009] [04:48 14/07/2009] B1D1F19665AC2E90C0AA4957F0AEBD15
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..explorer-deployment_31bf3856ad364e35_8.0.7601.17514_none_6a890089ee4f1956.manifest ------- 19133 bytes [18:44 16/05/2011] [18:44 16/05/2011] 1811C9E0B75A2AF30696CB7D75DCAAC5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..explorer-deployment_31bf3856ad364e35_9.4.8112.16421_none_6646f22533515943.manifest ------- 18142 bytes [17:50 16/05/2011] [17:50 16/05/2011] A836CD4F9DC3145289C52D8CDD00199A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_en-us_581d10712d1af452.manifest --a---- 2181 bytes [04:54 14/07/2009] [02:29 14/07/2009] 76B77D48608B1AC31BEA00B1BD81DBC7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_9.4.8112.16421_en-us_560c15d46f0bb7d9.manifest ------- 2181 bytes [17:50 16/05/2011] [17:50 16/05/2011] FECAA1C96770D49C26DAFD141C82196C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_49f29d63f2540eb7.manifest --a---- 77118 bytes [01:52 14/07/2009] [01:52 14/07/2009] A368A70A37D62628F3485A029A066F28
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7601.17514_none_4c23b12bef429251.manifest ------- 77118 bytes [18:41 16/05/2011] [10:06 20/11/2010] D06B2482D666E2A8AFC44A23552EADF4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16421_none_47e1a2c73444d23e.manifest ------- 77698 bytes [17:50 16/05/2011] [17:50 16/05/2011] C919C518EB6C6BC3A31D6145A4941D95
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16446_none_47d10461345088d3.manifest ------- 77698 bytes [00:45 18/06/2012] [23:54 17/05/2012] 1F1A19F41874B6377525104C5C3D238B
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16447_none_47d204ab344fa22a.manifest ------- 77698 bytes [14:22 13/07/2012] [09:48 02/06/2012] FBC7BA36E84A3D38A06559196DD9E324
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16448_none_47d304f5344ebb81.manifest ------- 77698 bytes [14:35 16/08/2012] [01:42 29/06/2012] AD69DFF3AC454507720E2B3DFA99BAC4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16450_none_47c032b9345e0cba.manifest ------- 77698 bytes [02:19 24/09/2012] [07:56 24/08/2012] AC1C1D6C485A8EF9C606FDB39B721535
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20551_none_484acfce4d7ac5db.manifest ------- 77698 bytes [00:45 18/06/2012] [23:21 17/05/2012] 5690B086845C5BC0BFCFD254D348D5D6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20553_none_484cd0624d78f889.manifest ------- 77698 bytes [14:22 13/07/2012] [09:20 02/06/2012] EC66EF509AB892DA0973D3B11D39E533
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20554_none_484dd0ac4d7811e0.manifest ------- 77698 bytes [14:35 16/08/2012] [00:06 29/06/2012] 73E57188198F23BFAFBF181197FFB9F5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20557_none_4850d18a4d755de5.manifest ------- 77698 bytes [02:19 24/09/2012] [08:03 24/08/2012] BFB6579ABBEB882D08E4DB5DD3B1DBEE
C:\Windows\winsxs\Manifests\x86_microsoft-windows-interface-explorer_31bf3856ad364e35_6.1.7600.16385_none_95606e4cece83916.manifest --a---- 963 bytes [02:03 14/07/2009] [01:46 14/07/2009] BCF6AD0DD5FA473B709AC222F682B6AA
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_87a958d2890f3511.manifest --a---- 3764 bytes [04:54 14/07/2009] [02:29 14/07/2009] AE0A19B88D4387BB778437DC48816DB3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.1.7600.16385_none_4028b735a733f10a.manifest --a---- 14794 bytes [02:03 14/07/2009] [01:58 14/07/2009] 22F7DE323689E59E1F9AC62127190D34

-= EOF =-

******************* AdwCleaner ******************************************************
# AdwCleaner v2.003 - Logfile created 10/02/2012 at 13:49:16
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : ritu-admin - XXX-YYY-ZZZ
# Boot Mode : Normal
# Running from : C:\Users\ritu-admin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Users\ra25572\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKU\S-1-5-21-527237240-963894560-725345543-5562997\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-527237240-963894560-725345543-5562997\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\taccster\AppData\Roaming\Mozilla\Firefox\Profiles\0pb6alll.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\ritu-admin\AppData\Roaming\Mozilla\Firefox\Profiles\syhpwoth.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\nobles\AppData\Roaming\Mozilla\Firefox\Profiles\001jstld.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\ra25572\AppData\Roaming\Mozilla\Firefox\Profiles\g4owdajl.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.0.5");
Deleted : user_pref("browser.bdtoolbar.orig_keyword_url", "hxxps://isearch.avg.com/search?cid=%7Be62adba0-1be6[...]
Deleted : user_pref("browser.bdtoolbar.orig_searchEngine", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Be62adba0-1be6-42ec-ada3-0cee9c99f3c9[...]

*************************

AdwCleaner[S1].txt - [2994 octets] - [02/10/2012 13:49:16]

########## EOF - C:\AdwCleaner[S1].txt - [3054 octets] ##########

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 02 October 2012 - 11:12 PM

Any improvements? :blink:

Edited by Conspire, 02 October 2012 - 11:13 PM.


#15 auriga

auriga
  • Topic Starter

  • Members
  • 14 posts

Posted 03 October 2012 - 12:23 AM

For a few minutes, I felt that the virus was gone, but as soon as I finished watching a video on Dailymotion.com (for testing purposes), I realized that things haven't changed. The infection is still there, or maybe it returned after visiting Dailymotion.com. I am going to rerun SystemLook and AdwCleaner. Any further advice?

Thanks a lot for all your effort Conspire!



