Untitled

2012-03-15 17:15:11: ****************************************************
2012-03-15 17:15:11:  Starting UP ... v 0.0.0.190
2012-03-15 17:15:11: ****************************************************
2012-03-15 17:15:11: Listing processes...
2012-03-15 17:15:11:    :[System Process]:0
2012-03-15 17:15:11:    :System:4
2012-03-15 17:15:11:    :smss.exe:504
2012-03-15 17:15:11:    :csrss.exe:568
2012-03-15 17:15:11:    :winlogon.exe:592
2012-03-15 17:15:11:    :services.exe:644
2012-03-15 17:15:11:    :lsass.exe:656
2012-03-15 17:15:11:    :svchost.exe:812
2012-03-15 17:15:11:    :svchost.exe:892
2012-03-15 17:15:11:    :svchost.exe:988
2012-03-15 17:15:11:    :svchost.exe:1032
2012-03-15 17:15:11:    :svchost.exe:1096
2012-03-15 17:15:11:    :explorer.exe:1456
2012-03-15 17:15:11:    :spoolsv.exe:1632
2012-03-15 17:15:11:    :svchost.exe:1812
2012-03-15 17:15:11:    :alg.exe:724
2012-03-15 17:15:11:    :ctfmon.exe:956
2012-03-15 17:15:11:    :svchost.exe:112
2012-03-15 17:15:11:    :svchost.exe:720
2012-03-15 17:15:11:    :yorkyt.exe:796
2012-03-15 17:15:11:    :wmiprvse.exe:156
2012-03-15 17:15:11:
2012-03-15 17:15:11: Setting restore point
2012-03-15 17:15:12: Determining autonomous or dropped mode...
2012-03-15 17:15:12: Autonomus mode
2012-03-15 17:15:12: Installing drivers...
2012-03-15 17:15:12: Checking that it installed...
2012-03-15 17:15:12: Driver is installed...
2012-03-15 17:15:12: cmd.exe /c start "C:\Documents and Settings\thisisu\Desktop\yorkyt.exe"
2012-03-15 17:15:35: Restarting...
2012-03-15 17:16:08: ****************************************************
2012-03-15 17:16:08:  Starting UP ... v 0.0.0.190
2012-03-15 17:16:08: ****************************************************
2012-03-15 17:16:08: Listing processes...
2012-03-15 17:16:08:    :[System Process]:0
2012-03-15 17:16:08:    :System:4
2012-03-15 17:16:08:    :smss.exe:648
2012-03-15 17:16:08:    :csrss.exe:728
2012-03-15 17:16:08:    :winlogon.exe:756
2012-03-15 17:16:08:    :services.exe:804
2012-03-15 17:16:08:    :lsass.exe:820
2012-03-15 17:16:08:    :svchost.exe:984
2012-03-15 17:16:08:    :svchost.exe:1056
2012-03-15 17:16:08:    :svchost.exe:1152
2012-03-15 17:16:08:    :svchost.exe:1236
2012-03-15 17:16:08:    :svchost.exe:1400
2012-03-15 17:16:08:    :userinit.exe:1724
2012-03-15 17:16:08:    :spoolsv.exe:1832
2012-03-15 17:16:08:    :explorer.exe:1844
2012-03-15 17:16:08:    :yorkyt.exe:1944
2012-03-15 17:16:08:    :ctfmon.exe:316
2012-03-15 17:16:08:    :wmiprvse.exe:420
2012-03-15 17:16:08:
2012-03-15 17:16:08: RUN mode
2012-03-15 17:16:08: Determining autonomous or dropped mode...
2012-03-15 17:16:08: Autonomus mode
2012-03-15 17:16:08: Waiting for Explorer.exe...
2012-03-15 17:16:38: Launching parsers...
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\KDCOM.DLL kdcom.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\BOOTVID.DLL bootvid.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOT.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTD.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTK.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTI.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTS.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS ACPI.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS WmiLib.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS pci.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS isapnp.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\COMPBATT.SYS compbatt.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\BATTC.SYS battc.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS intelide.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PCIIDEX.SYS pciidex.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MOUNTMGR.SYS mountmgr.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS ftdisk.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS dmload.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS dmio.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PARTMGR.SYS partmgr.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MVXXMM.SYS mvxxmm.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS volsnap.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS atapi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MV61XXMM.SYS mv61xxmm.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MV64XXMM.SYS mv64xxmm.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS scsidisk.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\CLASSPNP.SYS Classpnp.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS fltMgr.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\SR.SYS sr.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\KSECDD.SYS ksecdd.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\NTFS.SYS ntfs.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\NDIS.SYS NDIS.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MUP.SYS MUP.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTF.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS i8042prt.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS kbdclass.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS mouclass.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS parport.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS cdrom.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PCNTPCI5.SYS PCNTPCI5.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\KS.SYS ks.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DRMK.SYS drmk.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PORTCLS.SYS portcls.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS ichaud.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\USBPORT.SYS usbport.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS USBOHCI.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CMBATT.SYS cmbatt.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS audstub.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS rasl2tp.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS NDISTAPI.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS NDISWAN.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS raspppoe.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS tdi.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS RASPPTP.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS PSCHED.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS MSGPC.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS ptilink.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS raspti.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS RDPDR.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS termdd.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS swenum.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS update.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS smbios.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDPROXY.SYS ndproxy.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS usbd.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS usbhub.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS fdc.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS floppy.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SFLOPPY.SYS sfloppy.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS cdaudio.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS fs_rec.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS null.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS beep.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\VIDEOPRT.SYS videoprt.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS vga.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS videosim.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS RDPCDD.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS MSFS.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS npfs.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS rasacd.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS ipsec.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS tcpip.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS netbt.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS IPNAT.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS ws2ifsl.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS afd.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS NETBIOS.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS redbook.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS RDBSS.Sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS WANARP.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\` MRXSMB.Sys
2012-03-15 17:16:39: Found replaced driver: FB2FCCC70F7174C7BF64F48E96D3ADF4 \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\` MRXSMB.Sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS IMAPI.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS fips.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\HIDPARSE.SYS hidparse.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\HIDCLASS.SYS hidclass.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS HIDUSB.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS usbstor.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS mouhid.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CDFS.SYS cdfs.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS WmiLib.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS atapi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS dxapi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\WATCHDOG.SYS watchdog.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\WIN32K.SYS win32k.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS dxgthk.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DXG.SYS dxg.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\VGA.DLL vga.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\FRAMEBUF.DLL framebuf.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\VGA256.DLL vga256.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\VGA64K.DLL vga64k.dll
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS NDISUIO.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RSPNDR.SYS RSPNDR.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS WDMAUD.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS sysaudio.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS splitter.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS aec.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS swmidi.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS DMusic.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS drmkaud.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS MRxDAV.Sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS parvdm.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS serial.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS SRV.SYS
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS http.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS kmixer.sys
2012-03-15 17:16:39: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PRSBDRVR.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ntdll.dll ntdll.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\i8042prt.sys i8042prt.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\kbdclass.sys kbdclass.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mouclass.sys mouclass.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\parport.sys parport.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdrom.sys cdrom.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\pcntpci5.sys PCNTPCI5.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ac97intc.sys ichaud.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\portcls.sys portcls.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\drmk.sys drmk.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ks.sys ks.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbohci.sys USBOHCI.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbport.sys usbport.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\CmBatt.sys cmbatt.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\audstub.sys audstub.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\rasl2tp.sys rasl2tp.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndistapi.sys NDISTAPI.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndiswan.sys NDISWAN.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\raspppoe.sys raspppoe.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\raspptp.sys RASPPTP.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\tdi.sys tdi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\psched.sys PSCHED.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\msgpc.sys MSGPC.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ptilink.sys ptilink.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\raspti.sys raspti.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\rdpdr.sys RDPDR.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\termdd.sys termdd.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\swenum.sys swenum.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\update.sys update.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mssmbios.sys smbios.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndproxy.sys ndproxy.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbhub.sys usbhub.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbd.sys usbd.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\fdc.sys fdc.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\flpydisk.sys floppy.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\sfloppy.sys sfloppy.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdaudio.sys cdaudio.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\fs_rec.sys fs_rec.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\null.sys null.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\beep.sys beep.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\vga.sys vga.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\videoprt.sys videoprt.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mnmdd.sys videosim.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\rdpcdd.sys RDPCDD.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\msfs.sys MSFS.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\npfs.sys npfs.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\rasacd.sys rasacd.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ipsec.sys ipsec.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\tcpip.sys tcpip.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\netbt.sys netbt.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ipnat.sys IPNAT.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ws2ifsl.sys ws2ifsl.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\afd.sys afd.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\netbios.sys NETBIOS.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\redbook.sys redbook.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\rdbss.sys RDBSS.Sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mrxsmb.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\wanarp.sys WANARP.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\` MRXSMB.Sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\assembly\GAC_MSIL\Desktop.ini
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\imapi.sys IMAPI.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\fips.sys fips.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\smss.exe smss.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\autochk.exe AutoChk.Exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sfcfiles.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\advapi32.dll advapi32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comdlg32.dll comdlg32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\gdi32.dll gdi32
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\imagehlp.dll IMAGEHLP.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kernel32.dll kernel32
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lz32.dll LZ32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ole32.dll OLE32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\oleaut32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olecli32.dll OLECLI32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olecnv32.dll OLECNV32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olesvr32.dll OLESVR32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olethk32.dll OLETHK32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rpcrt4.dll rpcrt4.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shell32.dll SHELL32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\url.dll URL.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\urlmon.dll UrlMon.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\user32.dll user32
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\version.dll VERSION.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wininet.dll wininet.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wldap32.dll WLDAP32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comctl32.dll COMCTL32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shlwapi.dll SHLWAPI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcrt.dll msvcrt.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mpr.dll mpr.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ntvdm.exe NTVDM.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wow32.dll WOW32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\secur32.dll security.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\iertutil.dll IeRtUtil.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\hidusb.sys HIDUSB.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\hidclass.sys hidclass.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\hidparse.sys hidparse.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\USBSTOR.SYS usbstor.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mouhid.sys mouhid.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ieframe.dll IEFRAME.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\normaliz.dll normaliz.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\apphelp.dll Apphelp
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\userenv.dll userenv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdfs.sys cdfs.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\atapi.sys atapi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\wmilib.sys WmiLib.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\win32k.sys win32k.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxapi.sys dxapi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\watchdog.sys watchdog.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\csrss.exe CSRSS.Exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\csrsrv.dll CSRSrv.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\basesrv.dll basesrv
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winsrv.dll winsrv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxg.sys dxg.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxgthk.sys dxgthk.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\vga.dll vga.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\framebuf.dll framebuf.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\vga256.dll vga256.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\vga64k.dll vga64k.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winlogon.exe WINLOGON.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\authz.dll authz.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\crypt32.dll CRYPT32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msasn1.dll msasn1.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\nddeapi.dll NDDEAPI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\profmap.dll userenv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netapi32.dll NetApi32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\psapi.dll PSAPI
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\regapi.dll regapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\setupapi.dll SETUPAPI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winsta.dll winsta.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wintrust.dll WINTRUST.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ws2_32.dll ws2_32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ws2help.dll ws2help.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\imm32.dll imm32
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kbdus.dll kbdus.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\MSCTFIME.IME MSCTFIME.IME
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msgina.dll MSGINA.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\odbc32.dll ODBC32
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sxs.dll SXS.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll comctl32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\WindowsShell.Manifest
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\odbcint.dll ODBCINT
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shsvcs.dll SHSVCS.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sfc.dll sfc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sfc_os.dll sfc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\services.exe services.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lsass.exe lsass.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ncobjapi.dll NCObjAPI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcp60.dll MSVCP60.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lsasrv.dll lsasrv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\scesrv.dll scesrv
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ntdsapi.dll ntdsapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\umpnpmgr.dll Umpnpmgr.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dnsapi.dll dnsapi
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shimeng.dll ShimEngineDLL(IAT)
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\samlib.dll SAMLib.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\AppPatch\AcAdProc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\samsrv.dll samsrv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cryptdll.dll cryptdll.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\AppPatch\AcGenral.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winmm.dll WINMM.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msacm32.dll msfltr32.acm
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\uxtheme.dll UxTheme.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msapsspc.dll MSAPSSPC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcrt40.dll msvcrt40.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\schannel.dll schannel.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\credssp.dll tssso.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\digest.dll digest.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msnsspc.dll MSNSSPC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\MSCTF.dll MSCTF.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msprivs.dll mspriv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\WindowsLogon.manifest
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kerberos.dll kerberos.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msv1_0.dll MSV1_0.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\iphlpapi.dll iphlpapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netlogon.dll NetLogon.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\w32time.dll w32time.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wdigest.dll WDIGEST.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rsaenh.dll rsaenh.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\tspkg.dll TSpkg.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winscard.dll winscard.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wtsapi32.dll wtsapi32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\scecli.dll scecli
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\svchost.exe svchost.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ntmarta.dll ntmarta.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rpcss.dll rpcss.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eventlog.dll Eventlog.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\xpsp2res.dll xpsp2res.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mswsock.dll mswsock.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winrnr.dll winrnr
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rasadhlp.dll rasadhlp.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndisuio.sys NDISUIO.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\rspndr.sys RSPNDR.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dhcpcsvc.dll dhcpcsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dnsrslvr.dll dnsrslvr.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\hnetcfg.dll HNETCFG.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wshtcpip.dll wshtcpip.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\luna.msstyles luna.mst
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\clbcatq.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lmhsvc.dll lmhsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comres.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wzcsvc.dll wzcsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rtutils.dll RTUTILS.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wmi.dll wmi.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eapolqec.dll EapolQec.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\atl.dll ATL.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\qutil.dll QUtil.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dot3api.dll dot3api.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\esent.dll esent.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kmddsp.tsp KMDDSP.TSP
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cabinet.dll cabinet.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\logonui.exe LOGONUI.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\jscript.dll jscript.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cryptui.dll CRYPTUI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\duser.dll DUser.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cscdll.dll CSCDLL.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dimsntfy.dll dimsntfy.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wlnotify.dll WlNotify.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winspool.drv winspool.drv
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmisvc.dll wmisvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msimg32.dll gdiext
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\oleacc.dll OLEACC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\vssapi.dll VSSAPI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rastls.dll rastls.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mprapi.dll mprapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\activeds.dll ADs
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\adsldpc.dll adsldpc
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rasapi32.dll rasapi32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rasman.dll Rasman.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\tapi32.dll TAPI32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\riched20.dll riched20.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\raschap.dll raschap.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netman.dll netman.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shgina.dll SHGINA.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netshell.dll netshell.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\credui.dll credui.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dot3dlg.dll dot3dlg.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\onex.dll onex.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eappcfg.dll eappcfg.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eappprxy.dll eappprxy.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wzcsapi.dll wzcsapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cscui.dll cscui.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\es.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\powrprof.dll POWRPROF.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dpcdll.dll Dpcdll.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\userinit.exe USERINIT.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\Documents and Settings\thisisu\Local Settings\Application Data\02e7abf0\X
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ipnathlp.dll IPNATHLP.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\objsel.dll objsel.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\schedsvc.dll schedsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\riched32.dll riched32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spoolsv.exe spoolsv.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msidle.dll MSIDLE.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\explorer.exe EXPLORER.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\audiosrv.dll audiosrv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\browseui.dll BROWSEUI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wkssvc.dll WKSSVC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shdocvw.dll SHDOCVW.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\desk.cpl DESK.CPL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\themeui.dll ThemeUI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\actxprxy.dll ActXPrxy.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cmd.exe Cmd.Exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\Documents and Settings\thisisu\Desktop\yorkyt.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\MSIMTF.dll MSIMTF.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wsock32.dll wsock32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msutb.dll MSUTB.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\linkinfo.dll LINKINFO.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ntshrui.dll ntshrui.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\verclsid.exe verclsid.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wdmaud.drv WDMAUD.DRV
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\wdmaud.sys WDMAUD.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\sysaudio.sys sysaudio.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\splitter.sys splitter.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\aec.sys aec.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\swmidi.sys swmidi.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\DMusic.sys DMusic.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\kmixer.sys kmixer.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\drmkaud.sys drmkaud.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ctfmon.exe CTFMON.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemdisp.dll WBEMDISP.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\upnp.dll upnp.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msacm32.drv msacm32.acm
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\midimap.dll midimap.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winhttp.dll winhttp.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemprox.dll wbemprox.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\ime\SPTIP.dll SPTIP.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ssdpapi.dll ssdpapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcomn.dll wbemcomn.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiutils.dll wmiutils.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcore.dll wbemcore.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\esscli.dll esscli.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\fastprox.dll fastprox.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemsvc.dll wbemsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\repdrvfs.dll repdrvfs.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiprvsd.dll Wmiprvsd.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemess.dll wbemess.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netcfgx.dll netcfgx.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\clusapi.dll clusapi
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiprvse.exe Wmiprvse.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\cimwin32.dll cimwin32.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\framedyn.dll framedyn.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\webcheck.dll WEBCHECK.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mlang.dll MLANG.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\stobject.dll stobject.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\batmeter.dll BATMETER.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mrxdav.sys MRxDAV.Sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\webclnt.dll davsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\parvdm.sys parvdm.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\serial.sys serial.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cryptsvc.dll cryptsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ipsecsvc.dll ipsecsvc.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\regsvc.dll REGSVC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\oakley.dll oakley.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\certcli.dll CertCli
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winipsec.dll winipsec.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\pstorsvc.dll Protectedstorageserver
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\psbase.dll psbase.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wuauserv.dll wuauserv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\trkwks.dll trkwks.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dssenh.dll dssenh.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wuaueng.dll wuaueng.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mspatcha.dll mspatcha.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\srsvc.dll SERVICE.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\seclogon.dll SECLOGON.EXE
2012-03-15 17:16:39: Bad Service: system32\csctl50.dll
2012-03-15 17:16:39: Found Service: Packet
2012-03-15 17:16:39: Display Name: AFGMp50
2012-03-15 17:16:39: Description: New service would allow parents to control their children's online activity.
2012-03-15 17:16:39: ServiceDLL: %systemroot%\system32\csctl50.dll
2012-03-15 17:16:39: MD5: B89CFBE8CB247B57D8C10ADAA66B462B
2012-03-15 17:16:39: Original file name:
2012-03-15 17:16:39: Company name:
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\csctl50.dll adserxvice.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\srvsvc.dll SRVSVC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll PCHSVC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ersvc.dll ERSVC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netmsg.dll netmsg.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dmserver.dll dmserver.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sens.dll sens.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\srv.sys SRV.SYS
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wups.dll wups.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wups2.dll wups2.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wuauclt.exe wuauclt.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\browser.dll browser.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\http.sys http.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\termsrv.dll termsrv.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ssdpsrv.dll ssdpsrv.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\icaapi.dll icaapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mstlsapi.dll mstlsapi.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comsvcs.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\colbact.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mtxclu.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\resutils.dll resutils
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\alg.exe ALG.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\rasdlg.dll rasdlg.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spoolss.dll spoolss.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\localspl.dll localspl.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cnbjmon.dll CNBJMON.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\pjlmon.dll PJLMON.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\tcpmon.dll tcpmon.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\usbmon.dll DynaMon.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\win32spl.dll win32spl.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\netrap.dll NetRap.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\inetpp.dll inetpp.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msisip.dll MSISIP.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wshext.dll wshext.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mspaint.exe MSPAINT.EXE
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mfc42u.dll MFC42.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll gdiplus
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wiaservc.dll WIASERVC.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cfgmgr32.dll CFGMGR32.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mscms.dll MSCMS.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sti.dll STI.DLL
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\temp\yt\run.bat
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\temp\yt\nemesiscmd.exe
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\temp\yt\PRSBLib.dll
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\PRSBDrvr.sys
2012-03-15 17:16:39: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmipcima.dll WMIPCIMA.dll
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Alerter
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\alrsvc.dll
2012-03-15 17:16:39: Display Name: Alerter
2012-03-15 17:16:39: Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: system32\alrsvc.dll
2012-03-15 17:16:39: File size: 17408
2012-03-15 17:16:39: DLL File name: alrsvc.dll
2012-03-15 17:16:39: Original File Name: ALRSVC.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315171639
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: AppMgmt
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\appmgmts.dll
2012-03-15 17:16:39: Display Name: Application Management
2012-03-15 17:16:39: Description: Provides software installation services such as Assign, Publish, and Remove.
2012-03-15 17:16:39: ServiceDLL: System32\appmgmts.dll
2012-03-15 17:16:39: File size: 167936
2012-03-15 17:16:39: DLL File name: appmgmts.dll
2012-03-15 17:16:39: Original File Name: appmgmts.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: AudioSrv
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\audiosrv.dll
2012-03-15 17:16:39: Display Name: Windows Audio
2012-03-15 17:16:39: Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\audiosrv.dll
2012-03-15 17:16:39: File size: 42496
2012-03-15 17:16:39: DLL File name: audiosrv.dll
2012-03-15 17:16:39: Original File Name: audiosrv.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: BITS
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\qmgr.dll
2012-03-15 17:16:39: Display Name: Background Intelligent Transfer Service
2012-03-15 17:16:39: Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
2012-03-15 17:16:39: ServiceDLL: system32\qmgr.dll
2012-03-15 17:16:39: File size: 409088
2012-03-15 17:16:39: DLL File name: qmgr.dll
2012-03-15 17:16:39: Original File Name: qmgr.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20120229175059 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Browser
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\browser.dll
2012-03-15 17:16:39: Display Name: Computer Browser
2012-03-15 17:16:39: Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\browser.dll
2012-03-15 17:16:39: File size: 77824
2012-03-15 17:16:39: DLL File name: browser.dll
2012-03-15 17:16:39: Original File Name: browser.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: CryptSvc
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\cryptsvc.dll
2012-03-15 17:16:39: Display Name: CryptSvc
2012-03-15 17:16:39: Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\cryptsvc.dll
2012-03-15 17:16:39: File size: 62464
2012-03-15 17:16:39: DLL File name: cryptsvc.dll
2012-03-15 17:16:39: Original File Name: cryptsvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: DcomLaunch
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\rpcss.dll
2012-03-15 17:16:39: Display Name: DCOM Server Process Launcher
2012-03-15 17:16:39: Description: Provides launch functionality for DCOM services.
2012-03-15 17:16:39: ServiceDLL: system32\rpcss.dll
2012-03-15 17:16:39: File size: 401408
2012-03-15 17:16:39: DLL File name: rpcss.dll
2012-03-15 17:16:39: Original File Name: rpcss.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090407 20120112090407 20120315165510
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Dhcp
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\dhcpcsvc.dll
2012-03-15 17:16:39: Display Name: DHCP Client
2012-03-15 17:16:39: Description: Manages network configuration by registering and updating IP addresses and DNS names.
2012-03-15 17:16:39: ServiceDLL: System32\dhcpcsvc.dll
2012-03-15 17:16:39: File size: 126976
2012-03-15 17:16:39: DLL File name: dhcpcsvc.dll
2012-03-15 17:16:39: Original File Name: dhcpcsvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090256 20120112090256 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: dmserver
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\dmserver.dll
2012-03-15 17:16:39: Display Name: Logical Disk Manager
2012-03-15 17:16:39: Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\dmserver.dll
2012-03-15 17:16:39: File size: 23552
2012-03-15 17:16:39: DLL File name: dmserver.dll
2012-03-15 17:16:39: Original File Name: dmserver.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Dnscache
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\dnsrslvr.dll
2012-03-15 17:16:39: Display Name: DNS Client
2012-03-15 17:16:39: Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\dnsrslvr.dll
2012-03-15 17:16:39: File size: 45568
2012-03-15 17:16:39: DLL File name: dnsrslvr.dll
2012-03-15 17:16:39: Original File Name: dnsrslvr.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090257 20120112090257 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Dot3svc
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\dot3svc.dll
2012-03-15 17:16:39: Display Name: Wired AutoConfig
2012-03-15 17:16:39: Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
2012-03-15 17:16:39: ServiceDLL: System32\dot3svc.dll
2012-03-15 17:16:39: File size: 132096
2012-03-15 17:16:39: DLL File name: dot3svc.dll
2012-03-15 17:16:39: Original File Name: dot3svc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090257 20120112090257 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: EapHost
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\eapsvc.dll
2012-03-15 17:16:39: Display Name: Extensible Authentication Protocol Service
2012-03-15 17:16:39: Description: Provides windows clients Extensible Authentication Protocol Service
2012-03-15 17:16:39: ServiceDLL: System32\eapsvc.dll
2012-03-15 17:16:39: File size: 33792
2012-03-15 17:16:39: DLL File name: eapsvc.dll
2012-03-15 17:16:39: Original File Name: eapsvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: ERSvc
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\ersvc.dll
2012-03-15 17:16:39: Display Name: Error Reporting Service
2012-03-15 17:16:39: Description: Allows error reporting for services and applictions running in non-standard environments.
2012-03-15 17:16:39: ServiceDLL: System32\ersvc.dll
2012-03-15 17:16:39: File size: 23040
2012-03-15 17:16:39: DLL File name: ersvc.dll
2012-03-15 17:16:39: Original File Name: ERSVC.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: !!!!!!!
2012-03-15 17:16:39: Found Service: EventSystem
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\es.dll
2012-03-15 17:16:39: Display Name: COM+ Event System
2012-03-15 17:16:39: Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: system32\es.dll
2012-03-15 17:16:39: File size: 253952
2012-03-15 17:16:39: DLL File name: es.dll
2012-03-15 17:16:39: Original File Name:
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090258 20120112090258 20120315165609
2012-03-15 17:16:39: !!!!!!!!!
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: FastUserSwitchingCompatibility
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\shsvcs.dll
2012-03-15 17:16:39: Display Name: Fast User Switching Compatibility
2012-03-15 17:16:39: Description: Provides management for applications that require assistance in a multiple user environment.
2012-03-15 17:16:39: ServiceDLL: System32\shsvcs.dll
2012-03-15 17:16:39: File size: 135168
2012-03-15 17:16:39: DLL File name: shsvcs.dll
2012-03-15 17:16:39: Original File Name: SHSVCS.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090420 20120112090420 20120315170551
2012-03-15 17:16:39: !!!!!!!
2012-03-15 17:16:39: Found Service: HidServ
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\hidserv.dll
2012-03-15 17:16:39: Display Name: Human Interface Device Access
2012-03-15 17:16:39: Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\hidserv.dll
2012-03-15 17:16:39: File size: 0
2012-03-15 17:16:39: DLL File name: hidserv.dll
2012-03-15 17:16:39: Original File Name:
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time:
2012-03-15 17:16:39: !!!!!!!!!
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: hkmsvc
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\kmsvc.dll
2012-03-15 17:16:39: Display Name: Health Key and Certificate Management Service
2012-03-15 17:16:39: Description: Manages health certificates and keys (used by NAP)
2012-03-15 17:16:39: ServiceDLL: System32\kmsvc.dll
2012-03-15 17:16:39: File size: 61440
2012-03-15 17:16:39: DLL File name: kmsvc.dll
2012-03-15 17:16:39: Original File Name: KmSvc.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: HTTPFilter
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\w3ssl.dll
2012-03-15 17:16:39: Display Name: HTTP SSL
2012-03-15 17:16:39: Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\w3ssl.dll
2012-03-15 17:16:39: File size: 15872
2012-03-15 17:16:39: DLL File name: w3ssl.dll
2012-03-15 17:16:39: Original File Name: w3ssl.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: LanmanServer
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\srvsvc.dll
2012-03-15 17:16:39: Display Name: Server
2012-03-15 17:16:39: Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\srvsvc.dll
2012-03-15 17:16:39: File size: 99840
2012-03-15 17:16:39: DLL File name: srvsvc.dll
2012-03-15 17:16:39: Original File Name: SRVSVC.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090422 20120112090422 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: lanmanworkstation
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\wkssvc.dll
2012-03-15 17:16:39: Display Name: Workstation
2012-03-15 17:16:39: Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\wkssvc.dll
2012-03-15 17:16:39: File size: 134144
2012-03-15 17:16:39: DLL File name: wkssvc.dll
2012-03-15 17:16:39: Original File Name: WKSSVC.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090439 20120112090439 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: LmHosts
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\lmhsvc.dll
2012-03-15 17:16:39: Display Name: TCP/IP NetBIOS Helper
2012-03-15 17:16:39: Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
2012-03-15 17:16:39: ServiceDLL: System32\lmhsvc.dll
2012-03-15 17:16:39: File size: 13824
2012-03-15 17:16:39: DLL File name: lmhsvc.dll
2012-03-15 17:16:39: Original File Name: lmhsvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Messenger
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\msgsvc.dll
2012-03-15 17:16:39: Display Name: Messenger
2012-03-15 17:16:39: Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\msgsvc.dll
2012-03-15 17:16:39: File size: 33792
2012-03-15 17:16:39: DLL File name: msgsvc.dll
2012-03-15 17:16:39: Original File Name: msgsvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315171639
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: napagent
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\qagentrt.dll
2012-03-15 17:16:39: Display Name: Network Access Protection Agent
2012-03-15 17:16:39: Description: Allows windows clients to participate in Network Access Protection
2012-03-15 17:16:39: ServiceDLL: System32\qagentrt.dll
2012-03-15 17:16:39: File size: 291328
2012-03-15 17:16:39: DLL File name: qagentrt.dll
2012-03-15 17:16:39: Original File Name: QAgentRT.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Netman
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\netman.dll
2012-03-15 17:16:39: Display Name: Network Connections
2012-03-15 17:16:39: Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
2012-03-15 17:16:39: ServiceDLL: System32\netman.dll
2012-03-15 17:16:39: File size: 198144
2012-03-15 17:16:39: DLL File name: netman.dll
2012-03-15 17:16:39: Original File Name: netman.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Nla
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\mswsock.dll
2012-03-15 17:16:39: Display Name: Network Location Awareness (NLA)
2012-03-15 17:16:39: Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
2012-03-15 17:16:39: ServiceDLL: System32\mswsock.dll
2012-03-15 17:16:39: File size: 245248
2012-03-15 17:16:39: DLL File name: mswsock.dll
2012-03-15 17:16:39: Original File Name: mswsock.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090347 20120112090347 20120315170042
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: NtmsSvc
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\ntmssvc.dll
2012-03-15 17:16:39: Display Name: Removable Storage
2012-03-15 17:16:39: Description:
2012-03-15 17:16:39: ServiceDLL: system32\ntmssvc.dll
2012-03-15 17:16:39: File size: 435200
2012-03-15 17:16:39: DLL File name: ntmssvc.dll
2012-03-15 17:16:39: Original File Name: ntmssvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: !!!!!!!
2012-03-15 17:16:39: Found Service: Packet
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\csctl50.dll.bad
2012-03-15 17:16:39: Display Name: AFGMp50
2012-03-15 17:16:39: Description: New service would allow parents to control their children's online activity.
2012-03-15 17:16:39: ServiceDLL: system32\csctl50.dll.bad
2012-03-15 17:16:39: File size: 0
2012-03-15 17:16:39: DLL File name: csctl50.dll.bad
2012-03-15 17:16:39: Original File Name:
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time:
2012-03-15 17:16:39: !!!!!!!!!
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: RasAuto
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\rasauto.dll
2012-03-15 17:16:39: Display Name: Remote Access Auto Connection Manager
2012-03-15 17:16:39: Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
2012-03-15 17:16:39: ServiceDLL: System32\rasauto.dll
2012-03-15 17:16:39: File size: 88576
2012-03-15 17:16:39: DLL File name: rasauto.dll
2012-03-15 17:16:39: Original File Name: rasauto.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: RasMan
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\rasmans.dll
2012-03-15 17:16:39: Display Name: Remote Access Connection Manager
2012-03-15 17:16:39: Description: Creates a network connection.
2012-03-15 17:16:39: ServiceDLL: System32\rasmans.dll
2012-03-15 17:16:39: File size: 186368
2012-03-15 17:16:39: DLL File name: rasmans.dll
2012-03-15 17:16:39: Original File Name: Rasmans.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170042
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: RemoteAccess
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\mprdim.dll
2012-03-15 17:16:39: Display Name: Routing and Remote Access
2012-03-15 17:16:39: Description: Offers routing services to businesses in local area and wide area network environments.
2012-03-15 17:16:39: ServiceDLL: System32\mprdim.dll
2012-03-15 17:16:39: File size: 53248
2012-03-15 17:16:39: DLL File name: mprdim.dll
2012-03-15 17:16:39: Original File Name: MPRDIM.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315171639
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: RemoteRegistry
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\regsvc.dll
2012-03-15 17:16:39: Display Name: Remote Registry
2012-03-15 17:16:39: Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: system32\regsvc.dll
2012-03-15 17:16:39: File size: 59904
2012-03-15 17:16:39: DLL File name: regsvc.dll
2012-03-15 17:16:39: Original File Name: REGSVC.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: RpcSs
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\rpcss.dll
2012-03-15 17:16:39: Display Name: Remote Procedure Call (RPC)
2012-03-15 17:16:39: Description: Provides the endpoint mapper and other miscellaneous RPC services.
2012-03-15 17:16:39: ServiceDLL: System32\rpcss.dll
2012-03-15 17:16:39: File size: 401408
2012-03-15 17:16:39: DLL File name: rpcss.dll
2012-03-15 17:16:39: Original File Name: rpcss.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090407 20120112090407 20120315165510
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Schedule
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\schedsvc.dll
2012-03-15 17:16:39: Display Name: Task Scheduler
2012-03-15 17:16:39: Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: system32\schedsvc.dll
2012-03-15 17:16:39: File size: 192512
2012-03-15 17:16:39: DLL File name: schedsvc.dll
2012-03-15 17:16:39: Original File Name: schedsvc.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20120229175054 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: seclogon
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\seclogon.dll
2012-03-15 17:16:39: Display Name: Secondary Logon
2012-03-15 17:16:39: Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:39: ServiceDLL: System32\seclogon.dll
2012-03-15 17:16:39: File size: 18944
2012-03-15 17:16:39: DLL File name: seclogon.dll
2012-03-15 17:16:39: Original File Name: SECLOGON.EXE
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: SENS
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\sens.dll
2012-03-15 17:16:39: Display Name: System Event Notification
2012-03-15 17:16:39: Description: Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
2012-03-15 17:16:39: ServiceDLL: system32\sens.dll
2012-03-15 17:16:39: File size: 39424
2012-03-15 17:16:39: DLL File name: sens.dll
2012-03-15 17:16:39: Original File Name: sens.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170042
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: SharedAccess
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\ipnathlp.dll
2012-03-15 17:16:39: Display Name: Windows Firewall/Internet Connection Sharing (ICS)
2012-03-15 17:16:39: Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
2012-03-15 17:16:39: ServiceDLL: System32\ipnathlp.dll
2012-03-15 17:16:39: File size: 330752
2012-03-15 17:16:39: DLL File name: ipnathlp.dll
2012-03-15 17:16:39: Original File Name: IPNATHLP.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090308 20120112090308 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: ShellHWDetection
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\shsvcs.dll
2012-03-15 17:16:39: Display Name: Shell Hardware Detection
2012-03-15 17:16:39: Description: Provides notifications for AutoPlay hardware events.
2012-03-15 17:16:39: ServiceDLL: System32\shsvcs.dll
2012-03-15 17:16:39: File size: 135168
2012-03-15 17:16:39: DLL File name: shsvcs.dll
2012-03-15 17:16:39: Original File Name: SHSVCS.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090420 20120112090420 20120315170551
2012-03-15 17:16:39: !!!!!!!
2012-03-15 17:16:39: Found Service: srservice
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\srsvc.dll
2012-03-15 17:16:39: Display Name: System Restore Service
2012-03-15 17:16:39: Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
2012-03-15 17:16:39: ServiceDLL: system32\srsvc.dll
2012-03-15 17:16:39: File size: 171008
2012-03-15 17:16:39: DLL File name: srsvc.dll
2012-03-15 17:16:39: Original File Name: SERVICE.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20120229175055 20120315170552
2012-03-15 17:16:39: !!!!!!!!!
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: SSDPSRV
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\ssdpsrv.dll
2012-03-15 17:16:39: Display Name: SSDP Discovery Service
2012-03-15 17:16:39: Description: Enables discovery of UPnP devices on your home network.
2012-03-15 17:16:39: ServiceDLL: System32\ssdpsrv.dll
2012-03-15 17:16:39: File size: 71680
2012-03-15 17:16:39: DLL File name: ssdpsrv.dll
2012-03-15 17:16:39: Original File Name: ssdpsrv.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: stisvc
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\wiaservc.dll
2012-03-15 17:16:39: Display Name: Windows Image Acquisition (WIA)
2012-03-15 17:16:39: Description: Provides image acquisition services for scanners and cameras.
2012-03-15 17:16:39: ServiceDLL: system32\wiaservc.dll
2012-03-15 17:16:39: File size: 333824
2012-03-15 17:16:39: DLL File name: wiaservc.dll
2012-03-15 17:16:39: Original File Name: WIASERVC.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: TapiSrv
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\tapisrv.dll
2012-03-15 17:16:39: Display Name: Telephony
2012-03-15 17:16:39: Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
2012-03-15 17:16:39: ServiceDLL: System32\tapisrv.dll
2012-03-15 17:16:39: File size: 249856
2012-03-15 17:16:39: DLL File name: tapisrv.dll
2012-03-15 17:16:39: Original File Name: TAPISRV.EXE
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090426 20120112090426 20120315170042
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: TermService
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\termsrv.dll
2012-03-15 17:16:39: Display Name: Terminal Services
2012-03-15 17:16:39: Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
2012-03-15 17:16:39: ServiceDLL: System32\termsrv.dll
2012-03-15 17:16:39: File size: 296960
2012-03-15 17:16:39: DLL File name: termsrv.dll
2012-03-15 17:16:39: Original File Name: termsrv.exe
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090427 20120229175016 20120315170552
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: Themes
2012-03-15 17:16:39: Real Path: C:\WINDOWS\System32\shsvcs.dll
2012-03-15 17:16:39: Display Name: Themes
2012-03-15 17:16:39: Description: Provides user experience theme management.
2012-03-15 17:16:39: ServiceDLL: System32\shsvcs.dll
2012-03-15 17:16:39: File size: 135168
2012-03-15 17:16:39: DLL File name: shsvcs.dll
2012-03-15 17:16:39: Original File Name: SHSVCS.DLL
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20120112090420 20120112090420 20120315170551
2012-03-15 17:16:39: ---------------------------------------------------------------------
2012-03-15 17:16:39: Found Service: TrkWks
2012-03-15 17:16:39: Real Path: C:\WINDOWS\system32\trkwks.dll
2012-03-15 17:16:39: Display Name: Distributed Link Tracking Client
2012-03-15 17:16:39: Description: Maintains links between NTFS files within a computer or across computers in a network domain.
2012-03-15 17:16:39: ServiceDLL: system32\trkwks.dll
2012-03-15 17:16:39: File size: 90112
2012-03-15 17:16:39: DLL File name: trkwks.dll
2012-03-15 17:16:39: Original File Name: trkwks.dll
2012-03-15 17:16:39: Company:
2012-03-15 17:16:39: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:40: !!!!!!!
2012-03-15 17:16:40: Found Service: upnphost
2012-03-15 17:16:40: Real Path: C:\WINDOWS\System32\upnphost.dll
2012-03-15 17:16:40: Display Name: Universal Plug and Play Device Host
2012-03-15 17:16:40: Description: Provides support to host Universal Plug and Play devices.
2012-03-15 17:16:40: ServiceDLL: System32\upnphost.dll
2012-03-15 17:16:40: File size: 185856
2012-03-15 17:16:40: DLL File name: upnphost.dll
2012-03-15 17:16:40: Original File Name: unpnhost.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:40: !!!!!!!!!
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: W32Time
2012-03-15 17:16:40: Real Path: C:\WINDOWS\system32\w32time.dll
2012-03-15 17:16:40: Display Name: Windows Time
2012-03-15 17:16:40: Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:40: ServiceDLL: system32\w32time.dll
2012-03-15 17:16:40: File size: 175616
2012-03-15 17:16:40: DLL File name: w32time.dll
2012-03-15 17:16:40: Original File Name: w32time.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20120112090433 20120112090433 20120315170552
2012-03-15 17:16:40: !!!!!!!
2012-03-15 17:16:40: Found Service: WebClient
2012-03-15 17:16:40: Real Path: C:\WINDOWS\System32\webclnt.dll
2012-03-15 17:16:40: Display Name: WebClient
2012-03-15 17:16:40: Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:40: ServiceDLL: System32\webclnt.dll
2012-03-15 17:16:40: File size: 68096
2012-03-15 17:16:40: DLL File name: webclnt.dll
2012-03-15 17:16:40: Original File Name: davsvc.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20120112090434 20120112090434 20120315170552
2012-03-15 17:16:40: !!!!!!!!!
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: winmgmt
2012-03-15 17:16:40: Real Path: C:\WINDOWS\system32\wbem\WMIsvc.dll
2012-03-15 17:16:40: Display Name: Windows Management Instrumentation
2012-03-15 17:16:40: Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-03-15 17:16:40: ServiceDLL: system32\wbem\WMIsvc.dll
2012-03-15 17:16:40: File size: 144896
2012-03-15 17:16:40: DLL File name: WMIsvc.dll
2012-03-15 17:16:40: Original File Name: wmisvc.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20080414060000 20120229175014 20120315170552
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: WmdmPmSN
2012-03-15 17:16:40: Real Path: C:\WINDOWS\system32\mspmsnsv.dll
2012-03-15 17:16:40: Display Name: Portable Media Serial Number Service
2012-03-15 17:16:40: Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
2012-03-15 17:16:40: ServiceDLL: system32\mspmsnsv.dll
2012-03-15 17:16:40: File size: 52224
2012-03-15 17:16:40: DLL File name: mspmsnsv.dll
2012-03-15 17:16:40: Original File Name: MsPMSNSv.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: Wmi
2012-03-15 17:16:40: Real Path: C:\WINDOWS\System32\advapi32.dll
2012-03-15 17:16:40: Display Name: Windows Management Instrumentation Driver Extensions
2012-03-15 17:16:40: Description: Provides systems management information to and from drivers.
2012-03-15 17:16:40: ServiceDLL: System32\advapi32.dll
2012-03-15 17:16:40: File size: 617472
2012-03-15 17:16:40: DLL File name: advapi32.dll
2012-03-15 17:16:40: Original File Name: advapi32.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20120112090244 20120112090244 20120315165510
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: wuauserv
2012-03-15 17:16:40: Real Path: C:\WINDOWS\system32\wuauserv.dll
2012-03-15 17:16:40: Display Name: Automatic Updates
2012-03-15 17:16:40: Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
2012-03-15 17:16:40: ServiceDLL: system32\wuauserv.dll
2012-03-15 17:16:40: File size: 22520
2012-03-15 17:16:40: DLL File name: wuauserv.dll
2012-03-15 17:16:40: Original File Name: wuauserv.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20120112090452 20120229175059 20120315170552
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: WZCSVC
2012-03-15 17:16:40: Real Path: C:\WINDOWS\System32\wzcsvc.dll
2012-03-15 17:16:40: Display Name: Wireless Zero Configuration
2012-03-15 17:16:40: Description: Provides automatic configuration for the 802.11 adapters
2012-03-15 17:16:40: ServiceDLL: System32\wzcsvc.dll
2012-03-15 17:16:40: File size: 483328
2012-03-15 17:16:40: DLL File name: wzcsvc.dll
2012-03-15 17:16:40: Original File Name: wzcsvc.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20120112090958 20080422120342 20120315170552
2012-03-15 17:16:40: ---------------------------------------------------------------------
2012-03-15 17:16:40: Found Service: xmlprov
2012-03-15 17:16:40: Real Path: C:\WINDOWS\System32\xmlprov.dll
2012-03-15 17:16:40: Display Name: Network Provisioning Service
2012-03-15 17:16:40: Description: Manages XML configuration files on a domain basis for automatic network provisioning.
2012-03-15 17:16:40: ServiceDLL: System32\xmlprov.dll
2012-03-15 17:16:40: File size: 129024
2012-03-15 17:16:40: DLL File name: xmlprov.dll
2012-03-15 17:16:40: Original File Name: xmlprov.dll
2012-03-15 17:16:40: Company:
2012-03-15 17:16:40: Mod/Cre/Acc time: 20080414060000 20080414060000 20120315170552
2012-03-15 17:16:40:
2012-03-15 17:16:40: Looking for SHELL key
2012-03-15 17:16:40: HKCU WINLOGON SHELL: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02E7ABF0\X
2012-03-15 17:16:40: Folder: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02E7ABF0\
2012-03-15 17:16:40: File: X
2012-03-15 17:16:40:  ...Will request C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02E7ABF0\X
2012-03-15 17:16:40:  ... New user shell: EXPLORER.EXE,
2012-03-15 17:16:40: Checking for bad folder
2012-03-15 17:16:40: Found 1 folders.
2012-03-15 17:16:40: Checking C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0
2012-03-15 17:16:40: ... Folder test returns: 1
2012-03-15 17:16:40:  Bad Folder found: 02e7abf0
2012-03-15 17:16:40:  ... Unhidding
2012-03-15 17:16:40:  ... Parse Point: 1 0
2012-03-15 17:16:40:  ... Folder: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U
2012-03-15 17:16:40: xcacls.exe C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U /p Administrators:f SYSTEM:f /y
2012-03-15 17:16:40: fsutil reparsepoint query C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\X.BAD
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\00000001.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000c0.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000cb.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000cf.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\80000000.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000c0.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000cb.@
2012-03-15 17:16:40:  ... File: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000cf.@
2012-03-15 17:16:43: Folder: GAC
2012-03-15 17:16:43: Folder: GAC_MSIL
2012-03-15 17:16:43:  ... Fixing permissions on C:\WINDOWS\assembly\GAC_MSIL\desktop.ini
2012-03-15 17:16:43: Checking for bad folder
2012-03-15 17:16:43: Found 1 folders.
2012-03-15 17:16:43: Checking C:\WINDOWS\$NtUninstallKB22248$
2012-03-15 17:16:43: ... Folder test returns: 0
2012-03-15 17:16:43:  Bad Folder found: $NtUninstallKB22248$
2012-03-15 17:16:43:  ... Unhidding
2012-03-15 17:16:43:  ... Parse Point: 0 0
2012-03-15 17:16:43:  ... Deleting parse point
2012-03-15 17:16:43:  ... Folder: C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:16:43: ... Unhidding folder C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:16:44: xcacls.exe C:\WINDOWS\$NtUninstallKB22248$\48737264 /p Administrators:f SYSTEM:f /y
2012-03-15 17:16:44: fsutil reparsepoint query C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:16:44:  ... Folder: C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:16:44: ... Unhidding folder C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:16:44: xcacls.exe C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb /p Administrators:f SYSTEM:f /y
2012-03-15 17:16:44: fsutil reparsepoint query C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:16:44:  ... Folder: C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:16:44: xcacls.exe C:\WINDOWS\$NtUninstallKB22248$\48737264 /p Administrators:f SYSTEM:f /y
2012-03-15 17:16:44: fsutil reparsepoint query C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:16:44:  ... Folder: C:\WINDOWS\$NtUninstallKB22248$\48737264\L
2012-03-15 17:16:44: xcacls.exe C:\WINDOWS\$NtUninstallKB22248$\48737264\L /p Administrators:f SYSTEM:f /y
2012-03-15 17:16:44: fsutil reparsepoint query C:\WINDOWS\$NtUninstallKB22248$\48737264\L
2012-03-15 17:16:44:  ... Folder: C:\WINDOWS\$NtUninstallKB22248$\48737264\U
2012-03-15 17:16:44: xcacls.exe C:\WINDOWS\$NtUninstallKB22248$\48737264\U /p Administrators:f SYSTEM:f /y
2012-03-15 17:16:44: fsutil reparsepoint query C:\WINDOWS\$NtUninstallKB22248$\48737264\U
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\859542333
2012-03-15 17:16:44:  ... Breaking file junction C:\WINDOWS\$NtUninstallKB22248$\859542333
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\@
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\L\lzxioeez
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@00000001
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000c0
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cb
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cf
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@80000000
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000c0
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cb
2012-03-15 17:16:44:  ... File: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cf
2012-03-15 17:16:44: Found BAD driver: 4CCC07945B5C5DE7B78F659062E5AC32 (bad) -> FB2FCCC70F7174C7BF64F48E96D3ADF4(good) MRXSMB.Sys
2012-03-15 17:16:44: Written to SPB
2012-03-15 17:16:44: Found BAD EXE: EE6C7350FFA2EB9F6E57B5486FFDB784 [\Device\HarddiskVolume1\WINDOWS\assembly\GAC_MSIL\Desktop.ini]
2012-03-15 17:16:44: Written to SPB
2012-03-15 17:16:44: Found BAD EXE: B89CFBE8CB247B57D8C10ADAA66B462B [%systemroot%\system32\csctl50.dll]
2012-03-15 17:16:44: Written to SPB
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\X.BAD
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\00000001.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000c0.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000cb.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000cf.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\80000000.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000c0.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000cb.@
2012-03-15 17:16:44: Requesting bad file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000cf.@
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\assembly\GAC_MSIL\desktop.ini
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\859542333
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\@
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\L\lzxioeez
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@00000001
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000c0
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cb
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cf
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@80000000
2012-03-15 17:16:44: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000c0
2012-03-15 17:16:45: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cb
2012-03-15 17:16:45: Requesting bad file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cf
2012-03-15 17:16:45: Running Extractor
2012-03-15 17:16:46: Uploading file
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\X.BAD
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\00000001.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000c0.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000cb.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\000000cf.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\80000000.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000c0.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000cb.@
2012-03-15 17:17:20: Locking file: C:\DOCUMENTS AND SETTINGS\THISISU\LOCAL SETTINGS\APPLICATION DATA\02e7abf0\U\800000cf.@
2012-03-15 17:17:20: Locking file: C:\WINDOWS\assembly\GAC_MSIL\desktop.ini
2012-03-15 17:17:20: Locking file: C:\WINDOWS\$NtUninstallKB22248$\859542333
2012-03-15 17:17:20: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\@
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\L\lzxioeez
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@00000001
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000c0
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cb
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cf
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@80000000
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000c0
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cb
2012-03-15 17:17:21: Locking file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cf
2012-03-15 17:17:21: Processing 4CCC07945B5C5DE7B78F659062E5AC32|FB2FCCC70F7174C7BF64F48E96D3ADF4|MRXSMB.Sys
2012-03-15 17:17:21:  ...Looking for proper driver for MRXSMB.Sys
2012-03-15 17:17:21:  ...Found driver for MRXSMB.Sys in FB2FCCC70F7174C7BF64F48E96D3ADF4
2012-03-15 17:17:21: Driver MRXSMB set to system32\DRIVERS\20120315171721.MRXSMB.sys (Read: system32\DRIVERS\20120315171721.MRXSMB.sys)
2012-03-15 17:17:21: Movedriver: Registry replacement done.
2012-03-15 17:17:21: Registry driver replacement done...
2012-03-15 17:17:21: Adding bad EXE to md5s... EE6C7350FFA2EB9F6E57B5486FFDB784
2012-03-15 17:17:21: Adding bad EXE to md5s... B89CFBE8CB247B57D8C10ADAA66B462B
2012-03-15 17:17:21: Adding bad DRIVER to md5s... 4CCC07945B5C5DE7B78F659062E5AC32
2012-03-15 17:17:21: Some drivers where replaced. We need to enforce...
2012-03-15 17:17:21: Drivers replaced:
MRXSMB.Sys
2012-03-15 17:17:21: EE6C7350FFA2EB9F6E57B5486FFDB784

B89CFBE8CB247B57D8C10ADAA66B462B

4CCC07945B5C5DE7B78F659062E5AC32

2012-03-15 17:17:21: Autonomous mode, clearing out yt folder
2012-03-15 17:17:21: cmd.exe /c start "C:\Documents and Settings\thisisu\Desktop\yorkyt.exe"
2012-03-15 17:17:50: Restarting...
2012-03-15 17:18:13: ****************************************************
2012-03-15 17:18:13:  Starting UP ... v 0.0.0.190
2012-03-15 17:18:13: ****************************************************
2012-03-15 17:18:13: Listing processes...
2012-03-15 17:18:13:    :[System Process]:0
2012-03-15 17:18:13:    :System:4
2012-03-15 17:18:13:    :smss.exe:392
2012-03-15 17:18:13:    :csrss.exe:568
2012-03-15 17:18:13:    :winlogon.exe:592
2012-03-15 17:18:13:    :services.exe:644
2012-03-15 17:18:13:    :lsass.exe:656
2012-03-15 17:18:13:    :svchost.exe:812
2012-03-15 17:18:13:    :svchost.exe:892
2012-03-15 17:18:13:    :svchost.exe:988
2012-03-15 17:18:13:    :svchost.exe:1048
2012-03-15 17:18:13:    :svchost.exe:1104
2012-03-15 17:18:13:    :userinit.exe:1540
2012-03-15 17:18:13:    :explorer.exe:1556
2012-03-15 17:18:13:    :spoolsv.exe:1588
2012-03-15 17:18:13:    :yorkyt.exe:1664
2012-03-15 17:18:13:    :ctfmon.exe:1752
2012-03-15 17:18:13:    :wmiprvse.exe:1836
2012-03-15 17:18:13:
2012-03-15 17:18:13: Starting cleanup mode...
2012-03-15 17:18:13:  At item: 1 C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:18:13:  At item: 2 C:\WINDOWS\$NtUninstallKB22248$\859542333
2012-03-15 17:18:13:  At item: 3 C:\WINDOWS\$NtUninstallKB22248$\48737264\@
2012-03-15 17:18:13:  At item: 4 C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:18:13:  At item: 5 C:\WINDOWS\$NtUninstallKB22248$\48737264\L\lzxioeez
2012-03-15 17:18:13:  At item: 6 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@00000001
2012-03-15 17:18:13:  At item: 7 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000c0
2012-03-15 17:18:13:  At item: 8 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cb
2012-03-15 17:18:13:  At item: 9 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cf
2012-03-15 17:18:13:  At item: 10 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@80000000
2012-03-15 17:18:13:  At item: 11 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000c0
2012-03-15 17:18:13:  At item: 12 C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:18:13:  At item: 13 C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:18:13:  At item: 14 C:\WINDOWS\$NtUninstallKB22248$\48737264\L
2012-03-15 17:18:13:  At item: 15 C:\WINDOWS\$NtUninstallKB22248$\48737264\U
2012-03-15 17:18:13:  At item: 16 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cb
2012-03-15 17:18:13:  At item: 17 C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cf
2012-03-15 17:18:13:  .... Skipping folder.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\859542333
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\@
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\L\lzxioeez
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@00000001
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000c0
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cb
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@000000cf
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@80000000
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000c0
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  .... Skipping folder.
2012-03-15 17:18:13:  .... Skipping folder.
2012-03-15 17:18:13:  .... Skipping folder.
2012-03-15 17:18:13:  .... Skipping folder.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cb
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Delete file: C:\WINDOWS\$NtUninstallKB22248$\48737264\U\@800000cf
2012-03-15 17:18:13:  !... File does not exist. Cannot be deleted.
2012-03-15 17:18:13:  ... Done with files, now folders
2012-03-15 17:18:13:  ... Processing folder: C:\WINDOWS\$NtUninstallKB22248$\48737264\U
2012-03-15 17:18:13:  ... Processing folder: C:\WINDOWS\$NtUninstallKB22248$\48737264\L
2012-03-15 17:18:13:  ... Processing folder: C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:18:13:  ... Processing folder: C:\WINDOWS\$NtUninstallKB22248$\48737264\loader.tlb
2012-03-15 17:18:13:  .... Folder is gone.
2012-03-15 17:18:13:  ... Processing folder: C:\WINDOWS\$NtUninstallKB22248$\48737264
2012-03-15 17:18:13:  .... Folder is gone.
2012-03-15 17:18:13:  ... Done with folders.
2012-03-15 17:18:55: All DONE