First off, I've read Kevin's thread and the others. I have followed all those instructions yet mbam stops after 25 seconds.
I'm running Windows XP on a Compaq laptop.
I've also tried the command prompt for mbam; I get access denied.
I've killed svchasts.exe through tsmgr and admin tools. Renamed Windows Police Pro program folder and deleted it. After restart I kill svchasts.exe and under admin it is disabled.
I've uninstalled mbam and reinstalled to no avail. All anti-virus programs are hijacked.
It seems that mbam will solve the problem, but I am unable to get it to run.
Any help will be greatly appreciated as we have no Windows disk or recovery drive.
If you like, this is an old tool that I wrote some time ago and, if you can get it to run, it may give us a better picture of what is going on.
This is a strictly "Run at your own risk" proposition:
Download PKBOO.zip and EXTRACT the PKBOO Folder to your C:\ Drive
Open a command prompt with Command.com
TYPE C:\PKBOO\PKBOO.bat ENTER
It should run for a few seconds and then pop up with a log. Please post that for us.
I will try to check back Monday Evening as time permits.
Best Luck :)
PP
Here's the log.
###############################################
# #
# *** PeekabooXP v1.2.7 © by PhilliePhan *** #
# #
###############################################
PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES!
PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.
______________________________________________________________________________________________________
Microsoft Windows XP [Version 5.1.2600]
Mon 08/31/2009
01:50 AM
PeekabooXP is running from C:\PKBOO
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rachel\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QAPMOC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rachel
LOGONSERVER=\\QAPMOC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rachel\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rachel\LOCALS~1\Temp
USERDOMAIN=QAPMOC
USERNAME=Rachel
USERPROFILE=C:\Documents and Settings\Rachel
windir=C:\WINDOWS
______________________________________________________________________________________________________
** RUNNING PROCESSES **
PROCESS PID PRIO PATH
smss.exe 540 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 604 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 628 High C:\WINDOWS\system32\winlogon.exe
services.exe 680 Normal C:\WINDOWS\system32\services.exe
lsass.exe 692 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 868 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 980 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1084 Normal C:\WINDOWS\System32\svchost.exe
acs.exe 1192 Normal C:\WINDOWS\System32\acs.exe
svchost.exe 1360 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1448 Normal C:\WINDOWS\System32\svchost.exe
spoolsv.exe 1652 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1840 Normal C:\WINDOWS\System32\svchost.exe
AppleMobileDeviceService.exe 1872 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Ati2evxx.exe 1896 Normal C:\WINDOWS\System32\Ati2evxx.exe
mDNSResponder.exe 1984 Normal C:\Program Files\Bonjour\mDNSResponder.exe
HPConfig.exe 280 Normal C:\WINDOWS\system32\HPConfig.exe
HPWirelessMgr.exe 332 Normal C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
McSACore.exe 412 Normal C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
mcmscsvc.exe 528 Normal C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
mcnasvc.exe 912 Normal c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
mcproxy.exe 1080 Normal c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
mcshield.exe 1252 High C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MPFSrv.exe 1496 Normal C:\Program Files\McAfee\MPF\MPFSrv.exe
svchost.exe 1744 Normal C:\WINDOWS\System32\svchost.exe
MsPMSPSv.exe 2128 Normal C:\WINDOWS\System32\MsPMSPSv.exe
mcagent.exe 3060 Normal c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Explorer.exe 3532 Normal C:\WINDOWS\Explorer.exe
svchost.exe 3712 Normal C:\WINDOWS\System32\svchost.exe
carpserv.exe 748 Normal C:\WINDOWS\system32\carpserv.exe
DrgToDsc.exe 2832 Normal C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
SynTPEnh.exe 3496 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
atiptaxx.exe 832 Normal C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SynTPLpr.exe 3276 Normal C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
OxiTray.exe 3956 Normal C:\Program Files\Oxigen\bin\OxiTray.exe
Oxigen.exe 4052 Normal C:\Program Files\Oxigen\bin\Oxigen.exe
SweetIM.exe 192 Normal C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
AirPlus.exe 2056 Normal C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
braviax.exe 1332 Normal C:\WINDOWS\system32\braviax.exe
Reg.exe 3232 Normal C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\Reg.exe
FirePod.exe 4012 Normal C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
GoogleToolbarNotifier.exe 2100 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
iTunesHelper.exe 3360 Normal C:\Program Files\iTunes\iTunesHelper.exe
winampa.exe 904 Normal C:\Program Files\Winamp\winampa.exe
iPodService.exe 2844 Normal C:\Program Files\iPod\bin\iPodService.exe
mcsysmon.exe 2624 Normal C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
cmd.exe 2336 Normal C:\WINDOWS\system32\cmd.exe
ntvdm.exe 2208 Normal C:\WINDOWS\system32\ntvdm.exe
pv.exe 1788 Normal C:\PKBOO\pv.exe
______________________________________________________________________________________________________
** SELECT RUN KEYS **
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"Display Settings"="C:\\Program Files\\HPQ\\Notebook Utilities\\hptasks.exe /s"
"QT4HPOT"="C:\\Program Files\\HPQ\\One-Touch\\OneTouch.EXE"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"Workflow"="D:\\Workflow.exe"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"OxigenClientAdmin"="\"C:\\Program Files\\Oxigen\\bin\\Oxigen.exe\""
"OxigenTrayIcon"="C:\\Program Files\\Oxigen\\bin\\OxiTray.exe"
"Google IME Autoupdater"="\"C:\\Program Files\\Google\\Google Pinyin\\GooglePinyinDaemon.exe\""
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"mcagent_exe"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"
"McENUI"="C:\\PROGRA~1\\McAfee\\MHN\\McENUI.exe /hide"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"braviax"="C:\\WINDOWS\\system32\\braviax.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"vamanipetu"="Rundll32.exe \"C:\\WINDOWS\\system32\\nepimari.dll\",s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
---------------------------------------------------------------------
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
---------------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"braviax"="C:\\WINDOWS\\system32\\braviax.exe"
"DelayShred"="c:\\PROGRA~1\\mcafee\\mshr\\ShrCL.EXE /P7 /q C:\\DOCUME~1\\Rachel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\7S7JRGNA\\GOOGLE~1.SH!"
______________________________________________________________________________________________________
** Browser Helper Objects **
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cf1638a-499b-4985-b05b-940e200c870b}]
______________________________________________________________________________________________________
** SYSTEM.INI **
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
______________________________________________________________________________________________________
** UNINSTALL LIST **
(Please note that Many Microsoft Updates and Hotfixes have been filtered from this list)
"Adobe Flash Player 10 ActiveX"
"Adobe Flash Player 10 Plugin"
"Adobe Reader 7.0.8"
"Adobe Shockwave Player 11.5"
"Apple Mobile Device Support"
"Apple Software Update"
"ASIO4ALL"
"ATI Control Panel"
"ATI Display Driver"
"Bonjour"
"CCleaner (remove only)"
"CCScore"
"Collab"
"Conexant 56K ACLink Modem"
"Conexant AC-Link Audio"
"D-Link AirPlus G Wireless Adapter "
"DP8381x 10/100 PCI Network Adapter Driver"
"Easy CD & DVD Creator 6"
"ESSBrwr"
"ESSCDBK"
"ESScore"
"ESSgui"
"ESSini"
"ESSPCD"
"ESSPDock"
"ESSSONIC"
"ESSTOOLS"
"essvatgt"
"fflink"
"FL Studio 7"
"Google Pinyin IME"
"Google Updater"
"HP Wireless LAN Driver"
"HP WLAN 54g W450 Network Adapter"
"IL Download Manager"
"InterVideo WinDVD"
"iPod for Windows 2005-09-06"
"iPod for Windows 2005-09-06"
"iTunes"
"Java 2 Runtime Environment, SE v1.4.2"
"Jockey"
"kgcbaby"
"kgcbase"
"kgchday"
"kgchlwn"
"kgcinvt"
"kgckids"
"kgcmove"
"kgcvday"
"Kodak EasyShare software"
"LiveReg (Symantec Corporation)"
"Macrogaming SweetIM 1.2a"
"Macromedia Shockwave Player"
"McAfee SecurityCenter"
"Microsoft .NET Framework 1.1"
"Microsoft .NET Framework 1.1"
"Microsoft .NET Framework 2.0 Service Pack 2"
"Microsoft .NET Framework 3.0 Service Pack 2"
"Microsoft .NET Framework 3.5 SP1"
"Microsoft .NET Framework 3.5 SP1"
"Microsoft Compression Client Pack 1.0 for Windows XP"
"Microsoft Internationalized Domain Names Mitigation APIs"
"Microsoft National Language Support Downlevel APIs"
"Microsoft Office Professional Edition 2003"
"Microsoft Silverlight"
"Microsoft User-Mode Driver Framework Feature Pack 1.0"
"Mozilla Firefox (3.5.2)"
"MPlayer for Windows (Full Package)"
"Native Instruments Guitar Rig v1.1.2"
"netbrdg"
"Notebook Utilities"
"OfotoXMI"
"One-Touch Buttons"
"Oxigen Client v5.00.0000"
"PC Antispyware 2010"
"Pitch Fix Trial"
"PreSonus 1394 Audio Driver v2.46 (FirePod)"
"QuickTime"
"Replay Converter 2.8"
"Replay Media Catcher"
"Replay Media Splitter 1.6.903"
"Replay Video Capture"
"SFR"
"SHASTA"
"skin0001"
"SKINXSDK"
"SopCast 3.0.3"
"staticcr"
"Steinberg Cubase SX v2.2.0.33"
"Stream Torrent 1.0"
"Symantec KB-DocID:2003093015493306"
"Synaptics Pointing Device Driver"
"T-RackS Plug-in"
"tooltips"
"TVAnts 1.0"
"TVUPlayer 2.4.7.2"
"UUSee ýúý†¬_¯—'ø 4.8.2.4"
"UUSee IoA‡æ‡EO [4.8.204.15]"
"Veetle TV 0.9.15"
"VLC media player 0.9.8a"
"VPRINTOL"
"WebFldrs XP"
"Winamp"
"Windows Genuine Advantage v1.3.0254.0"
"Windows Imaging Component"
"Windows Internet Explorer 7"
"Windows Internet Explorer 8"
"Windows Media Format 11 runtime"
"Windows Media Format 11 runtime"
"Windows Media Player 11"
"Windows Media Player 11"
"Windows XP Service Pack 2"
"WinRAR archiver"
"WIRELESS"
"Zoran Video Camera Drivers V1.0"
______________________________________________________________________________________________________
** RECENTLY ADDED FILES **
2009-08-31 AD... "C:\PKBOO"
2009-08-31 A.SH. 704,643,072 "C:\pagefile.sys"
2009-08-31 A.SH. 468,242,432 "C:\hiberfil.sys"
2009-08-31 A.SH. 16,384 "C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat"
2009-08-31 A.S.. 2,048 "C:\WINDOWS\bootstat.dat"
2009-08-31 A..H. 6 "C:\WINDOWS\Tasks\SA.DAT"
2009-08-31 A.... 5,799,936 "C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA"
2009-08-31 A.... 32,768 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
2009-08-31 A.... 32,768 "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat"
2009-08-31 A.... 32,768 "C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat"
2009-08-31 .D... "C:\Program Files\CCleaner"
2009-08-31 .D... "C:\PKBTEMP"
2009-08-30 A.SH. 211 "C:\boot.ini"
2009-08-30 A..H. 4,841,690 "C:\Documents and Settings\Rachel\Local Settings\Application Data\IconCache.db"
2009-08-30 A.... 488,960 "C:\WINDOWS\system32\dddesot.dll"
2009-08-30 A.... 440,320 "C:\WINDOWS\system32\desote.exe"
2009-08-30 A.... 336,272 "C:\WINDOWS\Prefetch\Layout.ini"
2009-08-30 A.... 191,111 "C:\WINDOWS\system32\wisdstr.exe"
2009-08-30 A.... 163,840 "C:\WINDOWS\svchasts.exe"
2009-08-30 A.... 76,288 "C:\WINDOWS\system32\~.exe"
2009-08-30 A.... 18,630 "C:\Documents and Settings\Rachel\Local Settings\Application Data\ezilemad.dl"
2009-08-30 A.... 18,310 "C:\Documents and Settings\Rachel\Application Data\ysemoton.dat"
2009-08-30 A.... 16,964 "C:\WINDOWS\fixozepy.vbs"
2009-08-30 A.... 16,890 "C:\Documents and Settings\All Users\Application Data\esacomub.inf"
2009-08-30 A.... 16,669 "C:\Documents and Settings\All Users\Application Data\icyw.dat"
2009-08-30 A.... 15,056 "C:\Documents and Settings\Rachel\Local Settings\Application Data\ygoky.lib"
2009-08-30 A.... 14,629 "C:\Documents and Settings\Rachel\Application Data\cywac._sy"
2009-08-30 A.... 14,412 "C:\Documents and Settings\Rachel\Local Settings\Application Data\aryqiborip.dl"
2009-08-30 A.... 12,955 "C:\WINDOWS\system32\aluzivo.exe"
2009-08-30 A.... 12,264 "C:\Program Files\Common Files\pijihyb.com"
2009-08-30 A.... 11,264 "C:\WINDOWS\system32\braviax.exe"
2009-08-30 A.... 10,035 "C:\Documents and Settings\Rachel\Local Settings\Application Data\pekesor._sy"
2009-08-30 A.... 613 "C:\WINDOWS\win.ini"
2009-08-30 A.... 227 "C:\WINDOWS\system.ini"
2009-08-30 A.... 58 "C:\WINDOWS\ppp4.dat"
2009-08-30 A.... 36 "C:\WINDOWS\system32\sysnet.dat"
2009-08-30 A.... 4 "C:\WINDOWS\system32\bincd32.dat"
2009-08-30 A.... 3 "C:\WINDOWS\ppp3.dat"
2009-08-30 A.... 0 "C:\1478131342"
2009-08-30 .D... "C:\Documents and Settings\Rachel\Application Data\Mozilla"
2009-08-24 A.... 69,632 "C:\Documents and Settings\Rachel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini"
2009-08-22 .D... "C:\Program Files\TVUPlayer"
2009-08-22 .D... "C:\Documents and Settings\All Users\Application Data\TVU Networks"
2009-08-19 .D... "C:\Program Files\MPlayer for Windows"
2009-08-19 .D... "C:\Program Files\Common Files\NSV"
2009-08-18 A.... 778 "C:\split.log"
2009-08-14 A.... 737,280 "C:\WINDOWS\iun6002.exe"
2009-08-14 .D... "C:\REPSPL"
2009-08-12 A...R 794,624 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe"
2009-08-12 A...R 593,920 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe"
2009-08-12 A...R 409,600 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe"
2009-08-12 A...R 286,720 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe"
2009-08-12 A...R 249,856 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe"
2009-08-12 A...R 135,168 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe"
2009-08-12 A...R 61,440 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe"
2009-08-12 A...R 27,136 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe"
2009-08-12 A...R 23,040 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe"
2009-08-12 A...R 12,288 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe"
2009-08-12 A...R 11,264 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe"
2009-08-12 A...R 4,096 "C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe"
2009-08-09 A.... 74,424 "C:\Documents and Settings\Rachel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT"
2009-08-08 A.... 17,317,888 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll"
2009-08-08 A.... 14,327,808 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll"
2009-08-08 A.... 12,430,848 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll"
2009-08-08 A.... 12,216,320 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll"
2009-08-08 A.... 11,796,992 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll"
2009-08-08 A.... 11,486,720 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll"
2009-08-08 A.... 10,683,392 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll"
2009-08-08 A.... 9,924,096 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll"
2009-08-08 A.... 7,868,416 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll"
2009-08-08 A.... 6,616,576 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll"
2009-08-08 A.... 5,931,008 "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll"
2009-08-08 A.... 5,450,752 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll"
2009-08-08 A.... 5,283,840 "C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll"
2009-08-08 A.... 5,242,880 "C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll"
2009-08-08 A.... 5,062,656 "C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll"
2009-08-08 A.... 5,025,792 "C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll"
2009-08-08 A.... 4,546,560 "C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll"
2009-08-08 A.... 4,514,304 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll"
2009-08-08 A.... 4,210,688 "C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll"
2009-08-08 A.... 3,313,664 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll"
2009-08-08 A.... 3,149,824 "C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll"
2009-08-08 A.... 2,992,640 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll"
2009-08-08 A.... 2,933,248 "C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll"
2009-08-08 A.... 2,884,288 "C:\WINDOWS\system32\FNTCACHE.DAT"
2009-08-08 A.... 2,879,488 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll"
2009-08-08 A.... 2,516,480 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll"
2009-08-08 A.... 2,510,336 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll"
2009-08-08 A.... 2,403,328 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll"
2009-08-08 A.... 2,338,304 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll"
2009-08-08 A.... 2,332,160 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll"
2009-08-08 A.... 2,295,296 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll"
2009-08-08 A.... 2,209,280 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll"
2009-08-08 A.... 2,128,896 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll"
2009-08-08 A.... 2,048,000 "C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll"
2009-08-08 A.... 1,966,080 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll"
2009-08-08 A.... 1,917,440 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll"
2009-08-08 A.... 1,908,224 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll"
2009-08-08 A.... 1,888,768 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll"
2009-08-08 A.... 1,840,640 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll"
2009-08-08 A.... 1,801,216 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll"
2009-08-08 A.... 1,712,128 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll"
2009-08-08 A.... 1,706,496 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll"
2009-08-08 A.... 1,657,856 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll"
2009-08-08 A.... 1,630,208 "C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll"
2009-08-08 A.... 1,620,992 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll"
2009-08-08 A.... 1,587,200 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll"
2009-08-08 A.... 1,451,008 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll"
2009-08-08 A.... 1,356,288 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll"
2009-08-08 A.... 1,328,128 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll"
2009-08-08 A.... 1,277,952 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll"
2009-08-08 A.... 1,245,184 "C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll"
2009-08-08 A.... 1,138,688 "C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll"
2009-08-08 A.... 1,116,672 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll"
2009-08-08 A.... 1,093,120 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll"
2009-08-08 A.... 1,056,768 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll"
2009-08-08 A.... 1,049,600 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll"
2009-08-08 A.... 1,035,264 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll"
2009-08-08 A.... 998,400 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll"
2009-08-08 A.... 971,264 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll"
2009-08-08 A.... 970,752 "C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll"
2009-08-08 A.... 966,656 "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll"
2009-08-08 A.... 939,008 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll"
2009-08-08 A.... 881,152 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll"
2009-08-08 A.... 864,256 "C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll"
2009-08-08 A.... 859,648 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll"
2009-08-08 A.... 842,240 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll"
2009-08-08 A.... 839,680 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll"
2009-08-08 A.... 839,680 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll"
2009-08-08 A.... 835,584 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll"
2009-08-08 A.... 802,816 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll"
2009-08-08 A.... 756,736 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll"
2009-08-08 A.... 749,568 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll"
2009-08-08 A.... 745,472 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll"
2009-08-08 A.... 733,184 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll"
2009-08-08 A.... 688,128 "C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll"
2009-08-08 A.... 684,032 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll"
2009-08-08 A.... 676,352 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll"
2009-08-08 A.... 667,648 "C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll"
2009-08-08 A.... 659,456 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll"
2009-08-08 A.... 655,360 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll"
2009-08-08 A.... 633,856 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll"
2009-08-08 A.... 627,712 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll"
2009-08-08 A.... 627,200 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll"
2009-08-08 A.... 626,688 "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll"
2009-08-08 A.... 621,056 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll"
2009-08-08 A.... 598,016 "C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll"
2009-08-08 A.... 569,344 "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll"
2009-08-08 A.... 547,328 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll"
2009-08-08 A.... 540,672 "C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll"
2009-08-08 A.... 539,648 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll"
2009-08-08 A.... 528,384 "C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll"
2009-08-08 A.... 507,904 "C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll"
2009-08-08 A.... 507,904 "C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll"
2009-08-08 A.... 506,244 "C:\WINDOWS\system32\PerfStringBackup.INI"
2009-08-08 A.... 486,400 "C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll"
2009-08-08 A.... 455,680 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll"
2009-08-08 A.... 447,488 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll"
2009-08-08 A.... 444,596 "C:\WINDOWS\system32\perfh009.dat"
2009-08-08 A.... 442,368 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll"
2009-08-08 A.... 430,080 "C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll"
2009-08-08 A.... 425,984 "C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll"
2009-08-08 A.... 410,112 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe"
2009-08-08 A.... 401,408 "C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll"
2009-08-08 A.... 400,896 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll"
2009-08-08 A.... 397,312 "C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll"
2009-08-08 A.... 397,312 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll"
2009-08-08 A.... 386,560 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll"
2009-08-08 A.... 385,024 "C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll"
2009-08-08 A.... 381,440 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll"
2009-08-08 A.... 372,736 "C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll"
2009-08-08 A.... 372,736 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll"
2009-08-08 A.... 368,640 "C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll"
2009-08-08 A.... 368,128 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll"
2009-08-08 A.... 366,080 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe"
2009-08-08 A.... 354,816 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll"
2009-08-08 A.... 348,160 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll"
2009-08-08 A.... 335,872 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll"
2009-08-08 A.... 330,752 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll"
2009-08-08 A.... 328,704 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll"
2009-08-08 A.... 321,536 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe"
2009-08-08 A.... 320,512 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe"
2009-08-08 A.... 311,296 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll"
2009-08-08 A.... 303,104 "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll"
2009-08-08 A.... 301,056 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll"
2009-08-08 A.... 294,912 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll"
2009-08-08 A.... 286,720 "C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll"
2009-08-08 A.... 280,064 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll"
2009-08-08 A.... 261,632 "C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll"
2009-08-08 A.... 258,048 "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll"
2009-08-08 A.... 258,048 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll"
2009-08-08 A.... 258,048 "C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll"
2009-08-08 A.... 258,048 "C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll"
2009-08-08 A.... 258,048 "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll"
2009-08-08 A.... 256,000 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll"
2009-08-08 A.... 240,128 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll"
2009-08-08 A.... 233,472 "C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll"
2009-08-08 A.... 229,376 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll"
2009-08-08 A.... 229,376 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll"
2009-08-08 A.... 224,768 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll"
2009-08-08 A.... 222,720 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll"
2009-08-08 A.... 220,672 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll"
2009-08-08 A.... 212,992 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll"
2009-08-08 A.... 212,992 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll"
2009-08-08 A.... 208,384 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll"
2009-08-08 A.... 202,240 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll"
2009-08-08 A.... 196,608 "C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll"
2009-08-08 A.... 188,416 "C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll"
2009-08-08 A.... 187,904 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll"
2009-08-08 A.... 175,104 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll"
2009-08-08 A.... 167,936 "C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll"
2009-08-08 A.... 163,840 "C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll"
2009-08-08 A.... 163,840 "C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll"
2009-08-08 A.... 163,840 "C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll"
2009-08-08 A.... 144,384 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll"
2009-08-08 A.... 143,360 "C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll"
2009-08-08 A.... 141,312 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll"
2009-08-08 A.... 141,312 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll"
2009-08-08 A.... 139,264 "C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll"
2009-08-08 A.... 139,264 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll"
2009-08-08 A.... 139,264 "C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll"
2009-08-08 A.... 135,680 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll"
2009-08-08 A.... 133,632 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe"
2009-08-08 A.... 131,072 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll"
2009-08-08 A.... 131,072 "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll"
2009-08-08 A.... 131,072 "C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll"
2009-08-08 A.... 129,536 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll"
2009-08-08 A.... 126,976 "C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll"
2009-08-08 A.... 114,688 "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll"
2009-08-08 A.... 114,688 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll"
2009-08-08 A.... 113,664 "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll"
2009-08-08 A.... 113,664 "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll"
2009-08-08 A.... 110,592 "C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll"
2009-08-08 A.... 110,592 "C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll"
2009-08-08 A.... 110,592 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll"
2009-08-08 A.... 106,496 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll"
2009-08-08 A.... 98,304 "C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll"
2009-08-08 A.... 94,208 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll"
2009-08-08 A.... 94,208 "C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll"
2009-08-08 A.... 94,208 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll"
2009-08-08 A.... 82,944 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll"
2009-08-08 A.... 81,920 "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll"
2009-08-08 A.... 81,920 "C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll"
2009-08-08 A.... 77,824 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll"
2009-08-08 A.... 77,824 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll"
2009-08-08 A.... 77,824 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll"
2009-08-08 A.... 77,824 "C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll"
2009-08-08 A.... 74,752 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll"
2009-08-08 A.... 73,728 "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll"
2009-08-08 A.... 72,306 "C:\WINDOWS\system32\perfc009.dat"
2009-08-08 A.... 72,192 "C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll"
2009-08-08 A.... 69,120 "C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll"
2009-08-08 A.... 65,024 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll"
2009-08-08 A.... 61,440 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll"
2009-08-08 A.... 60,928 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll"
2009-08-08 A.... 57,344 "C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll"
2009-08-08 A.... 55,296 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll"
2009-08-08 A.... 53,248 "C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll"
2009-08-08 A.... 47,104 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe"
2009-08-08 A.... 46,104 "C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe"
2009-08-08 A.... 45,056 "C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll"
2009-08-08 A.... 41,984 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll"
2009-08-08 A.... 40,960 "C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll"
2009-08-08 A.... 39,424 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll"
2009-08-08 A.... 37,888 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll"
2009-08-08 A.... 36,864 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll"
2009-08-08 A.... 36,864 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll"
2009-08-08 A.... 36,864 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll"
2009-08-08 A.... 32,768 "C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll"
2009-08-08 A.... 32,768 "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll"
2009-08-08 A.... 32,768 "C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll"
2009-08-08 A.... 32,768 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll"
2009-08-08 A.... 28,672 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll"
2009-08-08 A.... 25,600 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll"
2009-08-08 A.... 14,336 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe"
2009-08-08 A.... 13,312 "C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll"
2009-08-08 A.... 12,800 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll"
2009-08-08 A.... 12,288 "C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll"
2009-08-08 A.... 10,752 "C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll"
2009-08-08 A.... 8,192 "C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll"
2009-08-08 A.... 8,192 "C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll"
2009-08-08 A.... 7,168 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll"
2009-08-08 A.... 6,656 "C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll"
2009-08-08 A.... 5,632 "C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll"
2009-08-08 A.... 5,632 "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll"
2009-08-08 .D... "C:\Program Files\Reference Assemblies"
2009-08-08 .D... "C:\Program Files\MSXML 6.0"
2009-08-08 .D... "C:\Program Files\MSBuild"
2009-08-08 .D... "C:\Program Files\Microsoft Silverlight"
2009-08-08 .D... "C:\a6934de93bf88e0a3bce6630233dd5"
2009-08-08 ...HR 0 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index8a.dat"
2009-08-08 ...HR 0 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index89.dat"
2009-08-08 ...HR 0 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index33.dat"
2009-08-05 A..H. 56,972 "C:\WINDOWS\system32\mlfcache.dat"
2009-08-05 A.... 204,800 "C:\WINDOWS\system32\mswebdvd.dll"
2009-08-05 A.... 204,800 "C:\WINDOWS\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll"
2009-08-05 A.... 204,800 "C:\WINDOWS\$hf_mig$\KB973815\SP3GDR\mswebdvd.dll"
2009-08-05 A.... 204,800 "C:\WINDOWS\$hf_mig$\KB973815\SP2QFE\mswebdvd.dll"
2009-08-05 ..... 204,800 "C:\WINDOWS\system32\dllcache\mswebdvd.dll"
______________________________________________________________________________________________________
** LISTING SERVICES **
SERVICE_NAME: ACS
BINARY_PATH_NAME : C:\WINDOWS\System32\acs.exe
SERVICE_NAME: Apple Mobile Device
BINARY_PATH_NAME : "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
SERVICE_NAME: Ati HotKey Poller
BINARY_PATH_NAME : C:\WINDOWS\System32\Ati2evxx.exe
SERVICE_NAME: AudioSrv
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: BITS
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: Bonjour Service
BINARY_PATH_NAME : "C:\Program Files\Bonjour\mDNSResponder.exe"
SERVICE_NAME: Browser
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: CryptSvc
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICE_NAME: DcomLaunch
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
SERVICE_NAME: Dhcp
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: Dnscache
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
SERVICE_NAME: ERSvc
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: Eventlog
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
SERVICE_NAME: EventSystem
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: helpsvc
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: HPConfig
BINARY_PATH_NAME : C:\WINDOWS\system32\HPConfig.exe
SERVICE_NAME: HPWirelessMgr
BINARY_PATH_NAME : C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
SERVICE_NAME: HTTPFilter
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
SERVICE_NAME: iPod Service
BINARY_PATH_NAME : "C:\Program Files\iPod\bin\iPodService.exe"
SERVICE_NAME: lanmanserver
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: lanmanworkstation
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: LmHosts
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
SERVICE_NAME: McAfee SiteAdvisor Service
BINARY_PATH_NAME : "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
SERVICE_NAME: mcmscsvc
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
SERVICE_NAME: McNASvc
BINARY_PATH_NAME : "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
SERVICE_NAME: McProxy
BINARY_PATH_NAME : c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
SERVICE_NAME: McShield
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
SERVICE_NAME: McSysmon
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
SERVICE_NAME: MpfService
BINARY_PATH_NAME : "C:\Program Files\McAfee\MPF\MPFSrv.exe"
SERVICE_NAME: Netman
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: Nla
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: PlugPlay
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
SERVICE_NAME: PolicyAgent
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
SERVICE_NAME: ProtectedStorage
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
SERVICE_NAME: RasMan
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: RpcSs
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
SERVICE_NAME: SamSs
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
SERVICE_NAME: Schedule
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: seclogon
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: SENS
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICE_NAME: SharedAccess
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: ShellHWDetection
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: Spooler
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
SERVICE_NAME: srservice
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: SSDPSRV
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
SERVICE_NAME: stisvc
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
SERVICE_NAME: TapiSrv
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: TermService
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
SERVICE_NAME: Themes
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: TrkWks
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICE_NAME: W32Time
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: WebClient
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
SERVICE_NAME: winmgmt
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICE_NAME: WMDM PMSP Service
BINARY_PATH_NAME : C:\WINDOWS\System32\MsPMSPSv.exe
SERVICE_NAME: wscsvc
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE_NAME: WZCSVC
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
______________________________________________________________________________________________________
** LISTING DRIVERS **
SERVICE_NAME: ACPI
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\ACPI.sys
SERVICE_NAME: ACPIEC
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\ACPIEC.sys
SERVICE_NAME: AFD
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
SERVICE_NAME: AliIde
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\aliide.sys
SERVICE_NAME: AmdK7
BINARY_PATH_NAME : System32\DRIVERS\amdk7.sys
SERVICE_NAME: atapi
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\atapi.sys
SERVICE_NAME: ati2mtag
BINARY_PATH_NAME : System32\DRIVERS\ati2mtag.sys
SERVICE_NAME: audstub
BINARY_PATH_NAME : System32\DRIVERS\audstub.sys
SERVICE_NAME: Beep
BINARY_PATH_NAME :
SERVICE_NAME: caboagp
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\atisgkaf.sys
SERVICE_NAME: CALIAUD
BINARY_PATH_NAME : system32\drivers\caliaud.sys
SERVICE_NAME: CALIHALA
BINARY_PATH_NAME : system32\drivers\calihal.sys
SERVICE_NAME: Cdr4_xp
BINARY_PATH_NAME :
SERVICE_NAME: Cdralw2k
BINARY_PATH_NAME :
SERVICE_NAME: Cdrom
BINARY_PATH_NAME : System32\DRIVERS\cdrom.sys
SERVICE_NAME: cdudf_xp
BINARY_PATH_NAME :
SERVICE_NAME: CmBatt
BINARY_PATH_NAME : System32\DRIVERS\CmBatt.sys
SERVICE_NAME: Compbatt
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\compbatt.sys
SERVICE_NAME: Disk
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\disk.sys
SERVICE_NAME: DP83815
BINARY_PATH_NAME : System32\DRIVERS\DP83815.SYS
SERVICE_NAME: eeCtrl
BINARY_PATH_NAME : \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
SERVICE_NAME: Fdc
BINARY_PATH_NAME : System32\DRIVERS\fdc.sys
SERVICE_NAME: Fips
BINARY_PATH_NAME :
SERVICE_NAME: FltMgr
BINARY_PATH_NAME : \SystemRoot\system32\drivers\fltmgr.sys
SERVICE_NAME: Ftdisk
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\ftdisk.sys
SERVICE_NAME: GEARAspiWDM
BINARY_PATH_NAME : SYSTEM32\DRIVERS\GEARAspiWDM.sys
SERVICE_NAME: Gpc
BINARY_PATH_NAME : System32\DRIVERS\msgpc.sys
SERVICE_NAME: HPCI
BINARY_PATH_NAME : System32\DRIVERS\hpci.sys
SERVICE_NAME: HSFHWALI
BINARY_PATH_NAME : System32\DRIVERS\HSFHWALI.sys
SERVICE_NAME: HSF_DP
BINARY_PATH_NAME : System32\DRIVERS\HSF_DP.sys
SERVICE_NAME: HTTP
BINARY_PATH_NAME : System32\Drivers\HTTP.sys
SERVICE_NAME: i8042prt
BINARY_PATH_NAME : System32\DRIVERS\i8042prt.sys
SERVICE_NAME: Imapi
BINARY_PATH_NAME : System32\DRIVERS\imapi.sys
SERVICE_NAME: IpFilterDriver
BINARY_PATH_NAME : System32\DRIVERS\ipfltdrv.sys
SERVICE_NAME: IpNat
BINARY_PATH_NAME : System32\DRIVERS\ipnat.sys
SERVICE_NAME: IPSec
BINARY_PATH_NAME : System32\DRIVERS\ipsec.sys
SERVICE_NAME: isapnp
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\isapnp.sys
SERVICE_NAME: Kbdclass
BINARY_PATH_NAME : System32\DRIVERS\kbdclass.sys
SERVICE_NAME: KSecDD
BINARY_PATH_NAME :
SERVICE_NAME: MDC8021X
BINARY_PATH_NAME : System32\DRIVERS\mdc8021x.sys
SERVICE_NAME: mdmxsdk
BINARY_PATH_NAME : System32\DRIVERS\mdmxsdk.sys
SERVICE_NAME: mfeavfk
BINARY_PATH_NAME : system32\drivers\mfeavfk.sys
SERVICE_NAME: mfebopk
BINARY_PATH_NAME : system32\drivers\mfebopk.sys
SERVICE_NAME: mfehidk
BINARY_PATH_NAME : system32\drivers\mfehidk.sys
SERVICE_NAME: mfesmfk
BINARY_PATH_NAME : system32\drivers\mfesmfk.sys
SERVICE_NAME: mmc_2K
BINARY_PATH_NAME :
SERVICE_NAME: mnmdd
BINARY_PATH_NAME :
SERVICE_NAME: Modem
BINARY_PATH_NAME :
SERVICE_NAME: MODEMCSA
BINARY_PATH_NAME : system32\drivers\MODEMCSA.sys
SERVICE_NAME: Mouclass
BINARY_PATH_NAME : System32\DRIVERS\mouclass.sys
SERVICE_NAME: MountMgr
BINARY_PATH_NAME :
SERVICE_NAME: MPFP
BINARY_PATH_NAME : System32\Drivers\Mpfp.sys
SERVICE_NAME: MRxDAV
BINARY_PATH_NAME : System32\DRIVERS\mrxdav.sys
SERVICE_NAME: MRxSmb
BINARY_PATH_NAME : System32\DRIVERS\mrxsmb.sys
SERVICE_NAME: Msfs
BINARY_PATH_NAME :
SERVICE_NAME: mssmbios
BINARY_PATH_NAME : System32\DRIVERS\mssmbios.sys
SERVICE_NAME: Mup
BINARY_PATH_NAME :
SERVICE_NAME: NDIS
BINARY_PATH_NAME :
SERVICE_NAME: NdisTapi
BINARY_PATH_NAME : System32\DRIVERS\ndistapi.sys
SERVICE_NAME: Ndisuio
BINARY_PATH_NAME : System32\DRIVERS\ndisuio.sys
SERVICE_NAME: NdisWan
BINARY_PATH_NAME : System32\DRIVERS\ndiswan.sys
SERVICE_NAME: NDProxy
BINARY_PATH_NAME :
SERVICE_NAME: NetBIOS
BINARY_PATH_NAME : System32\DRIVERS\netbios.sys
SERVICE_NAME: NetBT
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
SERVICE_NAME: Npfs
BINARY_PATH_NAME :
SERVICE_NAME: Ntfs
BINARY_PATH_NAME :
SERVICE_NAME: Null
BINARY_PATH_NAME :
SERVICE_NAME: ohci1394
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\ohci1394.sys
SERVICE_NAME: Parport
BINARY_PATH_NAME : System32\DRIVERS\parport.sys
SERVICE_NAME: PartMgr
BINARY_PATH_NAME :
SERVICE_NAME: ParVdm
BINARY_PATH_NAME :
SERVICE_NAME: PCI
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\pci.sys
SERVICE_NAME: Pcmcia
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\pcmcia.sys
SERVICE_NAME: pfc
BINARY_PATH_NAME : system32\drivers\pfc.sys
SERVICE_NAME: PptpMiniport
BINARY_PATH_NAME : System32\DRIVERS\raspptp.sys
SERVICE_NAME: PSched
BINARY_PATH_NAME : System32\DRIVERS\psched.sys
SERVICE_NAME: Ptilink
BINARY_PATH_NAME : System32\DRIVERS\ptilink.sys
SERVICE_NAME: pwd_2k
BINARY_PATH_NAME :
SERVICE_NAME: PxHelp20
BINARY_PATH_NAME : \SystemRoot\System32\Drivers\PxHelp20.sys
SERVICE_NAME: RasAcd
BINARY_PATH_NAME : System32\DRIVERS\rasacd.sys
SERVICE_NAME: Rasl2tp
BINARY_PATH_NAME : System32\DRIVERS\rasl2tp.sys
SERVICE_NAME: RasPppoe
BINARY_PATH_NAME : System32\DRIVERS\raspppoe.sys
SERVICE_NAME: Raspti
BINARY_PATH_NAME : System32\DRIVERS\raspti.sys
SERVICE_NAME: Rdbss
BINARY_PATH_NAME : System32\DRIVERS\rdbss.sys
SERVICE_NAME: RDPCDD
BINARY_PATH_NAME : System32\DRIVERS\RDPCDD.sys
SERVICE_NAME: redbook
BINARY_PATH_NAME : System32\DRIVERS\redbook.sys
SERVICE_NAME: SbcpHid
BINARY_PATH_NAME : \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
SERVICE_NAME: serenum
BINARY_PATH_NAME : System32\DRIVERS\serenum.sys
SERVICE_NAME: Serial
BINARY_PATH_NAME : System32\DRIVERS\serial.sys
SERVICE_NAME: sr
BINARY_PATH_NAME : \SystemRoot\System32\DRIVERS\sr.sys
SERVICE_NAME: Srv
BINARY_PATH_NAME : System32\DRIVERS\srv.sys
SERVICE_NAME: StreamDispatcher
BINARY_PATH_NAME : System32\DRIVERS\strmdisp.sys
SERVICE_NAME: swenum
BINARY_PATH_NAME : System32\DRIVERS\swenum.sys
SERVICE_NAME: symlcbrd
BINARY_PATH_NAME : \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
SERVICE_NAME: SynTP
BINARY_PATH_NAME : System32\DRIVERS\SynTP.sys
SERVICE_NAME: sysaudio
BINARY_PATH_NAME : system32\drivers\sysaudio.sys
SERVICE_NAME: Tcpip
BINARY_PATH_NAME : System32\DRIVERS\tcpip.sys
SERVICE_NAME: TermDD
BINARY_PATH_NAME : System32\DRIVERS\termdd.sys
SERVICE_NAME: UdfReadr_xp
BINARY_PATH_NAME :
SERVICE_NAME: Udfs
BINARY_PATH_NAME :
SERVICE_NAME: Update
BINARY_PATH_NAME : System32\DRIVERS\update.sys
SERVICE_NAME: usbhub
BINARY_PATH_NAME : System32\DRIVERS\usbhub.sys
SERVICE_NAME: usbohci
BINARY_PATH_NAME : System32\DRIVERS\usbohci.sys
SERVICE_NAME: VgaSave
BINARY_PATH_NAME : \SystemRoot\System32\drivers\vga.sys
SERVICE_NAME: VolSnap
BINARY_PATH_NAME :
SERVICE_NAME: Wanarp
BINARY_PATH_NAME : System32\DRIVERS\wanarp.sys
SERVICE_NAME: wdmaud
BINARY_PATH_NAME : system32\drivers\wdmaud.sys
SERVICE_NAME: winachsf
BINARY_PATH_NAME : System32\DRIVERS\HSF_CNXT.sys
______________________________________________________________________________________________________
** SCHEDULED TASKS **
HR C:\WINDOWS\tasks\desktop.ini
A C:\WINDOWS\tasks\Google Software Updater.job
A C:\WINDOWS\tasks\McDefragTask.job
A C:\WINDOWS\tasks\McQcTask.job
A H C:\WINDOWS\tasks\SA.DAT
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Google Software Updater.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe'
Parameters: 'scheduled_start'
WorkingDirectory: ''
Comment: 'Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: INFINITE
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/31/2009 13:17:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0
2 Triggers
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 08/31/2009
EndDate: 00/00/0000
StartTime: 13:17
MinutesDuration: 144000
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
Trigger 1:
Type: Once
StartDate: 09/01/2009
EndDate: 00/00/0000
StartTime: 00:44
MinutesDuration: 144000
MinutesInterval: 20
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'McDefragTask.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
Parameters: '"C:\WINDOWS\system32\defrag.exe" C: -f'
WorkingDirectory: ''
Comment: 'Disk Defragmenter'
Creator: 'Rachel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/15/2009 1:00:00
NextRun: 09/15/2009 1:00:00
StartError: S_OK
ExitCode: 0xc000013a
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/23/2009
EndDate: 00/00/0000
StartTime: 01:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'McQcTask.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
Parameters: '14 0'
WorkingDirectory: 'c:\PROGRA~1\mcafee\mqc'
Comment: 'McAfee McAfee QuickClean'
Creator: 'Rachel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/01/2009 0:59:59
NextRun: 09/01/2009 1:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: MonthlyDate
Days: 1
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/23/2009
EndDate: 00/00/0000
StartTime: 01:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
______________________________________________________________________________________________________
** SHARED TASK SCHEDULER REGISTRY ITEMS **
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
______________________________________________________________________________________________________
** STARTUP ITEMS DISABLED VIA MSCONFIG **
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002
______________________________________________________________________________________________________
** CHECKING SELECT POLICIES KEYS **
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
______________________________________________________________________________________________________
** CHECKING WINLOGON NOTIFY **
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\. . . . .]
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
WgaLogon
WgaLogon
wlballoon
______________________________________________________________________________________________________
** SSODL **
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
______________________________________________________________________________________________________
** EXE KEYS **
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\desote.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]
@=""
######################################################################################################
PeekabooXP v1.2.7 © by PhilliePhan (2006-2009)
I apologize for the length of that sucker! I never got around to fixing that.....
There is a good deal of malware showing that we can remove. I am sure crunchie and the other volunteers can see it and can show you what needs to be deleted.
I will definitely be gone until Monday Night EST, but will check back then.
Cheers :)
PP
Hi Sisaly,
Here is a fix you can try. Again, it is a "Use at your own Risk!" proposition:
-- Download the attached KILLBAD.zip and EXTRACT the KILLBAD folder to your C:\ Drive.
Use command.com to get a command prompt
TYPE C:\KILLBAD\KILLBAD.bat ENTER
It should run quickly.
-- Now, try to run MBA-M.
Let me know if you run into any problems.
*** To any others reading this post: This fix was specifically made for Sisaly. IT MAY OR MAY NOT WORK FOR YOU. IT MAY RESTORE SOME FUNCTION TO YOUR COMPY, BUT YOU RUN IT AT YOUR OWN RISK.....
'Course your compy's pretty borked already, or you wouldn't be reading this . . . . .
Best Luck :)
PP
OK, installed KILLBAD to C:drive and ran cmd. Got a bunch of strings saying could not find specified file, could not find several exes. Went ahead and tried mbam and still get the start up and preparing for scan, then after 25 seconds it crashes. (And I get all kinds of desots on start up. But then that's not new. Checked tskmgr and admin and could not see anything, but I need a break, I think I'm tired and missing stuff.)
Then my desktop changed to some red letters that say...
"Warning! Your're (sic) in Danger...blah blah..."
PhilliePhan, you're very awesome for writing something for my system, but it's not working (could be user error, it's late). Will try again later as it is 4:30 am and I need to call it a night. Will be back later to try again and check back. I'm very worn out now.
Again, thank you for trying to help.
One idea that may be worth a shot. Open up your "My Computer" and do a search for mbam.exe. Once located, right click on it and select rename. Rename it to helpme.exe then try running it.
I tried renaming mbam in normal and safe mode and I get the Access Denied error message.
Phillie, when I'm using cmd to run KILLBAD, I can't get rid of C:\Documents and Settings\Username\_
I can't backspace to get rid of it and when I hit enter it's still like that instead of C:_
I'm assuming that is why I can't get KILLBAD to run properly.
*continues to pull hair out*
[QUOTE]
I tried renaming mbam in normal and safe mode and I get the Access Denied error message.
Phillie, when I'm using cmd to run KILLBAD, I can't get rid of C:\Documents and Settings\Username\_
I can't backspace to get rid of it and when I hit enter it's still like that instead of C:_
I'm assuming that is why I can't get KILLBAD to run properly. *continues to pull hair out*
[/QUOTE]
That shouldn't be an issue - type cd c:\ enter to change it back. That doesn't matter when you type the whole path to the tool...Let's try this:
First, Rename mbam.exe to zappa.com
See if it will run.
If so, please have it remove all that it finds and post the log for us.
If it does not run, you can try the following, but it is strictly a "Run At Your Own Risk!" proposition:
* Download KILLBAD.zip and EXTRACT the KILLBAD folder to your C:\ Drive
* Use START > RUN >Command.com to get a command prompt
* TYPE C:\KILLBAD\KILLBAD.bat ENTER
* If the tool is able to run, a log should eventually pop up in notepad.
Please post that for us.
Then, try running MBA-M again.
I'll try to check back as time permits.
Best Luck :)
PP
Phillie, I can't rename mbam. See my last post.
KILLBAD won't run even when typed in as you posted. It lists many lines of Cannot find specified file...no log report. :(
[QUOTE]
Phillie, I can't rename mbam. See my last post.
KILLBAD won't run even when typed in as you posted. It lists many lines of Cannot find specified file...no log report. :(
[/QUOTE]
Sorry - it didn't register.
Did you download the new KILLBAD I linked in my last post? It is a different tool - just used the same name. You'll need to delete the old one first.
-- What happens when you navigate to the new C:\KILLBAD folder and DoubleClick on KILLBAD.bat?
PP :)
All right Phillie, I ran the new KILLBAD and it can't find the specified files, like svchasts and others because I have deleted them, I assume. Looking at Kevin's mbam log I have deleted any file he had that was in my system.
After running KB, Notepad opened but is empty.
mbam crashes after asking to scan and now I'm locked out of the mbam directory.
Good god! This sucker is evil I tell you.
[QUOTE]
Good god! This sucker is evil I tell you.
[/QUOTE]
Something is not right - if notepad opened with a blank log. I'll have to have another look at the darn thing. I very easily could have made a mistake - doing ten things at once here.... :)
-- Did it run when you DoubleClicked the .bat file or did you use command.com for command prompt?
-- Are you comfortable digging around the registry? We need to change this:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\desote.exe \"%1\" %*"
To This:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Basically, we want to remove only the part in bold:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="[B]C:\\WINDOWS\\system32\\desote.exe [/B]\"%1\" %*"
The thing is, I don't think regedit will run for you. The tool I wrote should have done this automatically - I need to re-check it.
It seems you've killed all the processes, so fixing the registry value ought to work, if we can do it....
Hang in there:)
-- Hey, did we try System Restore? That might be an option:
Open a command prompt with command.com
Type %systemroot%\system32\restore\rstrui.exe ENTER
See what happens.
I've got to cut out for a bit to get something to eat - Will try to check back tonight.
PP :)
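The check described in the post above (the default value of exefile\shell\open\command should be just "%1" %*) as an added example; it is not part of the original thread and is not the code of PeekabooXP or KILLBAD. It parses regedit-style text such as the EXE KEYS section of the log and reports any program placed in front of "%1". The function names are hypothetical, and the two sample texts are assembled from values shown on this page.

```python
import re

# Stock XP handler for starting .exe files; the page shows this value under
# the runas key and under the open key once the fix has been applied.
EXPECTED_COMMAND = '"%1" %*'

# Keys whose default value decides what runs when an .exe is launched.
# Registry key names are case-insensitive, so they are compared lowercased.
WATCHED_KEYS = {
    r"hkey_classes_root\exefile\shell\open\command",
    r"hkey_classes_root\exefile\shell\runas\command",
}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def unescape_reg_string(data):
    """Decode a quoted .reg string; return None for dword:/hex: data."""
    if len(data) < 2 or data[0] != '"' or data[-1] != '"':
        return None
    # In .reg text a backslash escapes the next character (\\ and \").
    return re.sub(r"\\(.)", r"\1", data[1:-1])


def iter_reg_values(text):
    """Yield (key, value_name, string_value) in the order they appear."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # log banners, separators, non-registry lines
        value = unescape_reg_string(m.group("data"))
        if value is None:
            continue
        name = m.group("name")
        yield current, ("@" if name == "@" else unescape_reg_string(name)), value


def check_exe_handlers(text):
    """Return one finding per watched key whose default value is not stock."""
    findings = []
    for key, name, value in iter_reg_values(text):
        if name != "@" or key.lower() not in WATCHED_KEYS:
            continue
        if value.strip() == EXPECTED_COMMAND:
            continue
        # Whatever precedes "%1" is started for every .exe the user opens.
        # If "%1" is missing, the whole handler has been replaced.
        if '"%1"' in value:
            interposed = value.split('"%1"', 1)[0].strip()
        else:
            interposed = value
        findings.append({"key": key, "value": value, "interposed": interposed})
    return findings


# Values as they appear in the PeekabooXP log on this page.
SAMPLE_INFECTED = r'''
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\desote.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Values as they appear in the later KILLBAD log on this page.
SAMPLE_FIXED = r'''
** EXE KEY STILL INFECTED? **
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_INFECTED), ("after", SAMPLE_FIXED)):
        hits = check_exe_handlers(text)
        if not hits:
            print(f"{label}: exefile handlers are stock")
        for hit in hits:
            print(f"{label}: {hit['key']} runs {hit['interposed']!r} first")
```
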
I tried system restore, nada.
I double clicked the .bat.
OK - The problem with the KILLBAD was PhilliePhan Error!
Not a big error, though and the registry should have been fixed....
Try this one: KILLBAD.zip
This one should pop up with the right log. Let's see what it says.
PP :)
Okay . . . . I've managed to get somewhat up to speed, LOL!
Turns out that this particular baddie is extremely nasty, and I don't mean the obvious stuff. It has all sorts of rootkit components involved and is a real pain to clean.
Our best bet would be to get combofix to run. Generally, when I see baddies such as this, I advise a reformat because of the nature of the rootkit beast.
However, if you'd like to give cleaning this a shot, we can try to get combofix to run.
See if you can get this tool to run:
Please Download Win32kDiag and save it to your Desktop.
• http://ad13.geekstogo.com/Win32kDiag.exe
• http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe
-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to. If it doesn't run, try renaming it to Win32kDiag.com
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we’ll go from there.
I will check back as soon as time permits.
Cheers :)
PP
I got the same problem, tried a lot, got on this site while searching.
And now getting rid of this problem, I want to help you. Perhaps it works for you too. Go to the following link and do exactly what you can read there:
http://www.myantispyware.com/2009/08/31/remove-windows-police-pro-uninstall-instructions/
Good luck, greetings from Germany
Morganfield
[QUOTE=Morganfield;964154]
Good luck, greetings from Germany
Morganfield[/QUOTE]
Thanks, but that is not an option just yet - poster cannot get MBA-M to run.
Hopefully, after Sisaly gets me the Win32kDiag log, we can change that.
PP:)
Wow Phil you are a trooper.
I got KILLBAD and win32kdiag to run. Here are the logs.
** EXE KEY INFECTED? **
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
SEARCHING KNOWN FILES
Looking for windows Police Pro.exe
No matches found.
Looking for dddesot.dll
No matches found.
Looking for wisdstr.exe
C:\WINDOWS\SYSTEM32\
wisdstr.exe Tue Sep 1 2009 5:39:36p A.... 191,159 186.68 K
1 item found: 1 file, 0 directories.
Total of file sizes: 191,159 bytes 186.68 K
Looking for desote.exe
No matches found.
Looking for svchasts.exe
No matches found.
Looking for ppp4.dat
No matches found.
Looking for sysnet.dat
No matches found.
Looking for bincd32.dat
No matches found.
Looking for ppp3.dat
No matches found.
Looking for desot.exe
No matches found.
Looking for wispex.html
No matches found.
Looking for qcfbc.wbg
No matches found.
Looking for windows Police Pro.exe
No matches found.
Looking for svchast.exe
No matches found.
Looking for dbsinit.exe
No matches found.
File/Folder: C:\WINDOWS\Program Files\Windows Police Pro\windows Police Pro.exe does not exist
File/Folder: C:\WINDOWS\system32\dddesot.dll does not exist
File: "C:\WINDOWS\system32\wisdstr.exe"
Granting NTFS rights (F access for This Folder and Files) for "Everyone"
File/Folder: C:\WINDOWS\system32\wincom32.ini does not exist
File/Folder: C:\WINDOWS\system32\desote.exe does not exist
File/Folder: C:\WINDOWS\svchasts.exe does not exist
File/Folder: C:\WINDOWS\ppp4.dat does not exist
File/Folder: C:\WINDOWS\system32\sysnet.dat does not exist
File/Folder: C:\WINDOWS\system32\bincd32.dat does not exist
File/Folder: C:\WINDOWS\ppp3.dat does not exist
File/Folder: C:\WINDOWS\system32\desot.exe does not exist
File/Folder: C:\WINDOWS\system32\wispex.html does not exist
File/Folder: C:\WINDOWS\qcfbc.wbg does not exist
File/Folder: C:\WINDOWS\svchast.exe does not exist
File/Folder: C:\WINDOWS\Program Files\Windows Police Pro\tmp\dbsinit.exe does not exist
Looking for windows Police Pro.exe
No matches found.
Successfully Removed!
Looking for dddesot.dll
No matches found.
Successfully Removed!
Looking for wisdstr.exe
No matches found.
Successfully Removed!
Looking for desote.exe
No matches found.
Successfully Removed!
Looking for svchasts.exe
No matches found.
Successfully Removed!
Looking for ppp4.dat
No matches found.
Successfully Removed!
Looking for sysnet.dat
No matches found.
Successfully Removed!
Looking for bincd32.dat
No matches found.
Successfully Removed!
Looking for ppp3.dat
No matches found.
Successfully Removed!
Looking for desot.exe
No matches found.
Successfully Removed!
Looking for wispex.html
No matches found.
Successfully Removed!
Looking for qcfbc.wbg
No matches found.
Successfully Removed!
Looking for svchast.exe
No matches found.
Successfully Removed!
Looking for dbsinit.exe
No matches found.
Successfully Removed!
** EXE KEY STILL INFECTED? **
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
_________________________
Log file is located at: C:\Documents and Settings\Rachel\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB941644\KB941644
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A5.tmp\ZAP1A5.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28E.tmp\ZAP28E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B8.tmp\ZAP2B8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\AU_Temp\AU_Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
[1] 2003-03-31 14:00:00 703488 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:50 743936 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()
[1] 2004-08-04 02:56:50 743936 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\helpsvc.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\10
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2003-03-31 14:00:00 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 02:56:42 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Macromed\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\i386
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\i386
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\DriverFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\DriverFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\W32ALPHA\W32ALPHA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\Logs\Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Cookies\Cookies
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\cs\cs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\da\da
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\de\de
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\el\el
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\en\en
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\en-gb\en-gb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\es\es
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\fi\fi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\fr\fr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\HTML\HTML
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\it\it
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\ja\ja
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\ko\ko
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\nl\nl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\no\no
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\pl\pl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\pt-br\pt-br
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\ru\ru
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\sv\sv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\th\th
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\tr\tr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\zh-cn\zh-cn
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gis2b78e4\2.4.1399.3742\zh-tw\zh-tw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\cs\cs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\da\da
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\de\de
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\el\el
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\en\en
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\en-gb\en-gb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\es\es
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\fi\fi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\fr\fr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\HTML\HTML
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\it\it
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\ja\ja
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\ko\ko
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\nl\nl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\no\no
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\pl\pl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\pt-br\pt-br
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\ru\ru
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\sv\sv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\th\th
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\tr\tr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\zh-cn\zh-cn
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\gisd91f0\2.4.1536.6592\zh-tw\zh-tw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\GUM15.tmp\CrashReports\CrashReports
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\History\History.IE5\History.IE5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu19b.tmp\slu19b.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu3b4d.tmp\slu3b4d.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu6539.tmp\slu6539.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu7f0.tmp\slu7f0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu832.tmp\slu832.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slufae.tmp\slufae.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\StandardInstall_1-5-0\WorkFlow\WorkFlow
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\11BQ7CMK\11BQ7CMK
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\31TUIS5O\31TUIS5O
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\43UFA0R8\43UFA0R8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4F5IJOXB\4F5IJOXB
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6EQ7NVYF\6EQ7NVYF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7GE5RVL2\7GE5RVL2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9MBJ2F4V\9MBJ2F4V
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H6FM75Z5\H6FM75Z5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K1GSDJK0\K1GSDJK0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QKMOJ1WP\QKMOJ1WP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\R4YPFEHN\R4YPFEHN
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YETQBD7F\YETQBD7F
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\WMD\WMD
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\WMFA\WMFA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\51836\51836
Mount point destination : \Device\__max++>\^
Finished!