
Adware? 1st System Check then Internet Security


caewe12

etp12y1.exe is the randomized name for GMER. I suspect the infection blocked its running.

The last Roguekiller run reveals the presence of a highly suspicious hidden partition on your HDD.

It appears your system has a TDL4+ infection.

Put & enforce a quarantine on this system.

Only visit this site, period, and the websites I guide you to.

Meantime, do not do websurfing on the infected machine.

Hopefully you have another (clean) pc to do this work.

Please make plans to build a CD/DVD that we will need to boot from.

Download the >> Gparted Live CD ISO << and burn it to CD or DVD as an ISO image.

and let me know after you have finished.

If your Windows version does not have an ISO burning capability,

you need to use something like Nero/Roxio or other ISO-capable burning software, and do an image burn. If you do a regular copy-burn the CD won't work. If you don't have ISO-burning capability, you can obtain a free .iso burner such as ImageBurn (ImgBurn):

ImgBurn is another free utility. You only need one for our purpose.

ImgBurn is at http://www.imgburn.com/

Advise me when the CD is done. There will be much more follow-up work later.

Link to post


Hello,

At your next opportunity, do the following.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other one!

Close any open documents if any and save your work if any.

Make sure all "external" HDD drives are not connected.

Do a Windows shutdown.

Place the Gparted CD in the drive.

You must Change the boot order in the BIOS to boot to the CD first, or just hit the Function key that displays on your screen at system restart to Change the Boot Order.

Restart the pc to boot up from CD

Once booted and the program is started, you will see a menu.

Choose the GParted Live (Default Settings) option and hit Enter.

Allow GParted to load by selecting all the default options (simply press enter when prompted).

When asked "Which Mode do you Prefer" - Hit Enter to use Gparted automatically, and the GParted Desktop will display:

I do not want you to edit anything.

You will see on screen information about the partitions on your HDD system.

Similar to this snapshot here

http://secure-comput...ScreenieJPG.jpg

I just want you to describe to me each partition as it is listed: Partition name (letters), Size, Label (i.e. Reserved), and especially tell me which partition has "Boot" next to it.

Also tell me if you see "hidden" partition(s).

Write down all information.

IF at all possible, take a digital picture with your cell phone (if you have) and upload and attach the snapshot in your reply.

Boot back into Windows and post your results please.

You can see an article with examples at Negster22's BITS and PC's blog here

http://secure-comput...m/blog/2011/11/

Once again, do not make ANY changes. I will guide you further after reviewing your feedback results.

Link to post

Hi,

I changed the boot sequence to "Onboard or USB CD-Rom Drive" but when I try to boot I get an error message that says "Selected boot device not available". Not sure what I'm doing wrong or if it's the CD. Feeling WAY out of my comfort zone. Help!

Thanks.

CAE

Link to post

Assuming you set the boot sequence ok. Just as you said.

So, try just one more time. Put the Gparted CD in the drive. Logoff and shutdown the pc. Wait about a minute. Then power-up/restart and let's see if it boots up into GParted.

If still no joy, then see if your pc has capability to boot from USB flash-drive. It probably should. In which case, using a new/clean USB flash drive, let's have you set Gparted into flash-drive. The instructions are on this page http://gparted.sourc...net/liveusb.php

I'd suggest using Method A.

If all that is possible, shutdown the pc. Put the USB flash-drive into USB port connection.

Power-up/restart system.

Link to post

Hi,

Decided to burn another disc - success. When I rebooted the computer I saw the Gparted Live default but wasn't quick enough and the screen went black then it scrolled through a lot of writing and ended up here (see attached picture of my screen). In the upper left hand corner it says package configuration. Please advise. Thanks. CAE

post-108034-0-19154900-1330787919.jpg

Link to post

OK,

Keep in mind this snapshot. The partition named /dev/sda4 is the hidden partition which we eventually want to delete. But first we want to set it to be Not hidden & not boot.

We also want to set the partition /dev/sda2 to be Active/boot.

Instructions to follow in next reply.

Link to post

These instructions were written by kevinf80 based on the TDL4 removal instructions posted in Negster22's blog article "Using GParted to Edit the Partion Table & Manage Partitions"

http://secure-comput...the_part_1.html

  • IF you are already at GParted main screen, skip down to Initial Fix.
  • Boot your system from the GParted Live CD. You should see the following:
    GParted1.png
  • Press ENTER
    GParted2.png
  • By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.
    GParted3.png
  • Choose your language and press ENTER. English is default
    GParted4.png
  • Once again, at this prompt, press ENTER. You will now be taken to the main GUI screen.
    Initial Fix
  • Right click on the /dev/sda4 size 1.76 MiB partition and select "Manage Flags"
  • Remove the Ticks from Boot and Hidden as follows:
    GPb.png
  • Right click on the OS partition /dev/sda2, you can recognize it by its size 145.58 GiB and select "Manage Flags"
  • Put a tick in the Boot option as follows:
    GPc.png
  • You now need to confirm those actions as follows:
    GParted7-1.png
  • Recheck each partition under "Flags" and make sure the small rogue partition does not have "Boot" applied, and the OS partition DOES have "Boot" applied.
  • If the above is correct double click on the GParted9.png Button.
  • At the next window select "Reboot" then "OK". Boot into Normal Windows, check that all is OK.
    GParted10.png

Next:

Remove the Gparted CD from the tray.

Restart system into normal Windows.

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Link to post

Hi,

Didn't go exactly as above but seemed okay. Here is the log.

ListParts by Farbar Version: 29-02-2012

Ran by Ekenbarger's (administrator) on 03-03-2012 at 13:54:30

Windows XP (X86)

Running From: H:\

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 19%

Total physical RAM: 2558.09 MB

Available physical RAM: 2046.62 MB

Total Pagefile: 3168.61 MB

Available Pagefile: 2839.8 MB

Total Virtual: 2047.88 MB

Available Virtual: 2000.34 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:145.58 GB) (Free:101.35 GB) NTFS ==>[Drive with boot components (Windows XP)]

4 Drive f: (JAKE) (Fixed) (Total:465.76 GB) (Free:412.63 GB) NTFS

6 Drive h: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 149 GB 0 B

Disk 1 Online 466 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 55 MB 32 KB

Partition 2 Primary 146 GB 55 MB

Partition 3 Unknown 3459 MB 146 GB

Partition 4 Primary 1802 KB 149 GB

======================================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 146 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : DB

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 G Partition 2048 KB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 466 GB 1024 KB

======================================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F JAKE NTFS Partition 466 GB Healthy

======================================================================================================

****** End Of Log ******

Link to post
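
The flag check the helper asks for in GParted can also be run offline against a saved copy of sector 0. This is an added example, not part of the thread or of any tool named in it: a Python parser for the MBR partition table that reports an active partition that is tiny or carries a "hidden" type byte, and a tiny partition sitting after all the others. The three sample tables are constructed from the sizes in the ListParts log above; the 16 MiB threshold and the finding codes are assumptions of this example.

```python
import struct

SECTOR = 512
MIB = 1024 * 1024
TINY_MIB = 16  # assumption: example threshold, far below any Windows boot volume
# Conventional "hidden" FAT/NTFS MBR type bytes (0x17 = hidden NTFS/HPFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA, sectors


def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector0, 446 + 16 * i)
        if ptype == 0x00:  # unused slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start": lba,
            "mib": count * SECTOR / MIB,
        })
    return parts


def audit(parts):
    """Heuristics taken from this thread's case; returns (partition, code, text)."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append((0, "ACTIVE_COUNT",
                         f"{len(active)} active partitions, expected exactly 1"))
    for p in active:
        if p["mib"] < TINY_MIB:
            findings.append((p["index"], "ACTIVE_TINY",
                             f"boot flag on a {p['mib']:.2f} MiB partition"))
        if p["type"] in HIDDEN_TYPES:
            findings.append((p["index"], "ACTIVE_HIDDEN",
                             f"boot flag on hidden type 0x{p['type']:02X}"))
    if len(parts) > 1:
        last = max(parts, key=lambda p: p["start"])
        if last["mib"] < TINY_MIB:
            findings.append((last["index"], "TINY_TRAILING",
                             f"{last['mib']:.2f} MiB partition after all others"))
    return findings


def build_mbr(entries):
    """Build a constructed sector 0 from (active, type, start_lba, sectors)."""
    table = b"".join(
        ENTRY.pack(0x80 if act else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, n)
        for act, ptype, lba, n in entries
    ).ljust(64, b"\0")
    return bytes(446) + table + b"\x55\xaa"


# Constructed samples: sizes follow the ListParts log (55 MB OEM, ~146 GB NTFS,
# 3459 MB type DB, 1802 KB trailing partition). Start sectors are made up.
OEM = (False, 0xDE, 63, 55 * 2048)
RECOVERY = (False, 0xDB, 305_416_255, 3459 * 2048)
INFECTED = [OEM, (False, 0x07, 112_703, 149_074 * 2048), RECOVERY,
            (True, 0x17, 312_500_287, 3604)]       # Boot + Hidden on sda4
FLAGS_FIXED = [OEM, (True, 0x07, 112_703, 149_074 * 2048), RECOVERY,
               (False, 0x07, 312_500_287, 3604)]   # after "Manage Flags"
CLEANED = FLAGS_FIXED[:3]                          # after deleting sda4


def codes(entries):
    """Finding codes for one constructed layout."""
    return [code for _, code, _ in audit(parse_mbr(build_mbr(entries)))]


if __name__ == "__main__":
    for name, layout in (("infected", INFECTED),
                         ("flags fixed", FLAGS_FIXED),
                         ("cleaned", CLEANED)):
        print(f"{name}: {codes(layout) or 'no findings'}")
```

On a real system the 512 bytes would come from a read-only copy of the disk's first sector taken from the live CD; the script never writes to a device.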

The next objective is to Delete the rogue partition off your main hard disk drive & then run other tools.

Print this out for offline reference.

  • Remove any disk you have in drive H and disconnect any other external hard disk.
  • Place the GParted CD in the CD tray.
  • Reboot with the GParted Live CD again.
  • Follow the previous instructions until you are at the main GParted GUI screen.
  • Select the small rogue partition /dev/sda4 size 1.76 MiB, click the trash can icon to delete and then click Apply. Then confirm your actions:
    Gparted8.png
  • Double click on the GParted9.png Button.
  • At the next window select "Reboot" then "OK". Boot into Normal Windows.

Step 2

Remove GParted CD & secure it away.

Restart the pc normally.

Now we can proceed to do follow-up tests/scans.

Step 3

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Make sure your anti-virus is temporarily disabled. Likewise, ensure that Spybot Tea Timer is OFF.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Step 5

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 6

Reply with copy of contents of the TDSSKILLER log

C:\Combofix.txt

and the last MBAM scan log

and tell me, How is your system now ?

Link to post

33killerlog.txt

Hi,

Completed all the steps. As far as my system the program files are still empty. TDSS log too long so I attached. Here are the other logs. Thank you for your help! CAE

ComboFix 12-03-03.01 - Ekenbarger's 03/03/2012 17:52:46.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1970 [GMT -5:00]

Running from: c:\documents and settings\Ekenbarger's\Desktop\Combo-Fix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\oobe\msoobe.exe

c:\windows\system32\oobe\oobebaln.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))

.

.

2012-03-03 01:56 . 2012-03-03 01:56 -------- d-----w- c:\program files\Sigmatel

2012-03-03 01:56 . 2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

2012-03-03 01:56 . 2005-03-22 09:22 143441 ----a-w- c:\windows\system32\stac97.cpl

2012-03-03 01:56 . 2005-03-22 09:20 90112 ----a-w- c:\windows\system32\stacapi.dll

2012-02-24 01:05 . 2012-02-24 01:05 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-02-23 23:41 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2012-02-23 23:41 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2012-02-23 23:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-23 23:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-23 23:38 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2012-02-20 23:54 . 2012-02-20 23:54 -------- d-----w- C:\fixpoliciestool

2012-02-20 19:03 . 2012-02-20 19:03 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Malwarebytes

2012-02-20 19:03 . 2012-02-20 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-20 19:02 . 2012-02-20 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-19 22:45 . 2012-02-19 22:45 14664 ----a-w- c:\windows\stinger.sys

2012-02-19 22:43 . 2012-02-19 22:55 -------- d-----w- c:\program files\stinger

2012-02-18 18:12 . 2012-02-23 22:54 -------- d-----w- c:\program files\trend micro

2012-02-18 18:12 . 2012-02-23 22:55 -------- d-----w- C:\rsit

2012-02-18 15:13 . 2012-02-25 19:00 -------- d-----w- C:\ARK

2012-02-18 00:58 . 2012-02-18 00:58 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\QuickScan

2012-02-18 00:46 . 2012-02-18 00:46 -------- d-----w- c:\program files\Common Files\Java

2012-02-18 00:45 . 2012-02-18 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask

2012-02-18 00:45 . 2012-02-18 00:45 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-16 01:00 . 2012-02-16 02:13 -------- d-----w- C:\Combo-Fix

2012-02-12 20:12 . 2012-02-12 20:12 -------- d-----w- c:\program files\ESET

2012-02-10 01:04 . 2012-02-10 01:04 -------- d-----w- C:\_OTL

2012-02-10 00:40 . 2012-02-11 15:24 -------- d-----w- c:\program files\ERUNT

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 16:53 . 2004-08-10 17:51 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-26 20:43 . 2011-05-06 19:29 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-12-17 19:46 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-16_01.54.03 )))))))))))))))))))))))))))))))))))))))))


- 2011-04-14 00:06 . 2011-04-14 00:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-02-24 01:11 . 2012-02-24 01:11 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-10-03 00:00 . 2010-10-03 00:00 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2004-08-10 17:51 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

+ 2004-08-10 17:51 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll

- 2004-08-10 17:51 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll

+ 2004-08-10 17:51 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll

- 2004-08-10 17:51 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll

+ 2004-08-10 17:51 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll

- 2004-08-10 17:51 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll

+ 2004-08-10 17:51 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll

+ 2004-01-07 16:21 . 2004-01-07 16:21 237936 c:\windows\system32\unicows.dll

+ 2008-07-30 00:59 . 2011-09-26 16:41 611328 c:\windows\system32\uiautomationcore.dll

+ 2005-09-16 05:26 . 2005-03-22 09:23 103936 c:\windows\system32\staco.dll

+ 2004-08-10 17:51 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll

- 2004-08-10 17:51 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll

+ 2004-08-10 17:51 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll

+ 2004-08-10 17:51 . 2012-03-03 01:57 442894 c:\windows\system32\perfh009.dat

- 2004-08-10 17:51 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll

+ 2004-08-10 17:51 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll

+ 2004-08-10 17:51 . 2011-09-26 16:41 220160 c:\windows\system32\oleacc.dll

+ 2004-08-10 17:51 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll

+ 2004-08-10 17:51 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll

- 2009-03-08 08:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll

+ 2009-03-08 08:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll

+ 2012-02-18 00:45 . 2012-02-18 00:45 157472 c:\windows\system32\javaws.exe

- 2011-02-15 23:10 . 2011-02-03 02:40 157472 c:\windows\system32\javaws.exe

+ 2012-02-18 00:45 . 2012-02-18 00:45 149280 c:\windows\system32\javaw.exe

+ 2012-02-18 00:45 . 2012-02-18 00:45 149280 c:\windows\system32\java.exe

+ 2004-08-10 18:02 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll

- 2004-08-10 18:02 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll

+ 2004-08-10 17:51 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-10 17:51 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-10 17:51 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe

+ 2004-08-10 17:57 . 2012-02-24 01:42 351384 c:\windows\system32\FNTCACHE.DAT

- 2004-08-10 17:57 . 2011-04-14 00:24 351384 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-10 17:51 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll

- 2004-08-10 17:51 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll

+ 2005-09-16 05:26 . 2005-04-01 00:22 180096 c:\windows\system32\drivers\sthda.sys

- 2004-08-10 18:01 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys

+ 2004-08-10 18:01 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys

+ 2004-08-10 17:51 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys

+ 2005-09-16 05:26 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys

+ 2004-08-10 17:50 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys

- 2004-08-10 17:50 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys

- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll

+ 2006-05-10 05:23 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll

+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll

- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll

+ 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll

- 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll

+ 2009-03-08 08:34 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll

+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll

+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll

+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll

+ 2011-09-26 16:41 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2009-03-08 08:34 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll

- 2009-03-08 08:34 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll

- 2006-05-10 05:23 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll

+ 2006-05-10 05:23 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-08-21 22:05 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2009-08-21 22:05 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-11-12 04:15 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys

- 2008-08-14 09:17 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2008-08-14 09:17 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2009-08-21 22:05 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-08-21 22:05 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2006-05-10 05:22 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll

- 2006-05-10 05:22 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-06-10 10:15 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-06-10 10:15 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2009-03-08 18:09 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 18:09 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 08:32 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll

+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll

+ 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys

+ 2004-08-10 17:50 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll

- 2004-08-10 17:50 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll

+ 2011-12-25 08:49 . 2011-12-25 08:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2011-03-25 11:15 . 2011-03-25 11:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2011-12-25 03:55 . 2011-12-25 03:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2011-12-25 03:53 . 2011-12-25 03:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-12-25 04:49 . 2011-12-25 04:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2012-02-18 00:46 . 2012-02-18 00:46 203776 c:\windows\Installer\32890.msi

+ 2012-02-18 00:45 . 2012-02-18 00:45 901120 c:\windows\Installer\3287c.msi

+ 2011-12-25 10:40 . 2011-12-25 10:40 819200 c:\windows\Installer\165142.msp

+ 2012-02-24 01:04 . 2012-02-24 01:04 467456 c:\windows\Installer\1650fb.msi

+ 2012-02-24 01:06 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2647516-IE8\wininet.dll

+ 2012-02-24 01:06 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll

+ 2012-02-24 01:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll

+ 2012-02-24 01:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe

+ 2012-02-24 01:06 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll

+ 2012-02-24 01:06 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll

+ 2012-02-24 01:06 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll

+ 2012-02-24 01:06 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll

+ 2012-02-24 01:06 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll

+ 2012-02-24 01:06 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll

+ 2012-02-24 01:06 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll

+ 2012-02-24 01:06 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe

+ 2012-02-24 01:01 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

+ 2012-02-24 01:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

+ 2012-02-24 01:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

+ 2008-11-12 04:15 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2012-01-27 22:15 . 2012-01-27 22:15 728344 c:\windows\Downloaded Program Files\qsax.dll

+ 2012-02-24 01:12 . 2012-02-24 01:12 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5fbc3779\System.Drawing.dll

+ 2012-02-24 01:13 . 2012-02-24 01:13 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7b1acc5a\System.Drawing.Design.dll

+ 2012-02-24 01:13 . 2012-02-24 01:13 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6500c1e8\CustomMarshalers.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe

+ 2012-02-24 01:29 . 2012-02-24 01:29 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll

+ 2012-02-24 01:29 . 2012-02-24 01:29 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll

+ 2012-02-24 01:29 . 2012-02-24 01:29 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll

+ 2012-02-24 01:34 . 2012-02-24 01:34 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll

+ 2012-02-24 01:30 . 2012-02-24 01:30 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll

+ 2012-02-24 01:30 . 2012-02-24 01:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll

+ 2012-02-24 01:28 . 2012-02-24 01:28 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll

+ 2012-02-24 01:32 . 2012-02-24 01:32 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll

+ 2012-02-24 01:33 . 2012-02-24 01:33 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe

+ 2012-02-24 01:31 . 2012-02-24 01:31 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe

+ 2012-02-24 01:28 . 2012-02-24 01:28 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll

+ 2012-02-24 01:28 . 2012-02-24 01:28 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll

+ 2012-02-24 01:24 . 2012-02-24 01:24 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\447392b739fcc0dd9bf43d38ed157799\PresentationFramework.Classic.ni.dll

+ 2012-02-24 01:24 . 2012-02-24 01:24 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3d11f3e778bdb89425a689c18afb1041\PresentationFramework.Aero.ni.dll

+ 2012-02-24 01:24 . 2012-02-24 01:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c273f5d4639fe3a367d224afea4c9e3\PresentationFramework.Luna.ni.dll

+ 2012-02-24 01:28 . 2012-02-24 01:28 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll

+ 2012-02-24 01:28 . 2012-02-24 01:28 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll

+ 2012-02-24 01:24 . 2012-02-24 01:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\04a3aea7cd8f46069bfa3e94fc0c3306\PresentationFramework.Royale.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe

+ 2012-02-24 01:31 . 2012-02-24 01:31 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb938a1d399e2cfca2304bdca4fe76dc\Microsoft.PowerShell.Security.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a03adbb7c3084d986da6e22dcce9805f\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a25afef0d57ac430ba392595eba639f\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\875af0c2a5e8a4bed88232b6f445cfaa\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll

+ 2012-02-24 01:31 . 2012-02-24 01:31 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe

+ 2012-02-24 01:30 . 2012-02-24 01:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-02-24 01:26 . 2012-02-24 01:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-04-14 00:06 . 2011-04-14 00:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-02-24 01:25 . 2012-02-24 01:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll


.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"Bomgar Support Reconnect [1297805904]"="c:\documents and settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216]

"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-03-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:03]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]

.

2012-03-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-03-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-03-03 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cox.net/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: microsoft.com\www.update

TCP: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12

FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-03 18:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]

"datasecu"=hex:28,72,f8,1c,a1,7f,1f,4b,21,f0,dc,17,10,16,7b,fe,96,08,a1,81,ce,

92,9d,a3,99,2a,90,e3,34,37,f3,c6,11,c1,26,63,01,7c,1c,dd,c0,e4,dc,90,37,34,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(416)

c:\windows\system32\WININET.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\windows\wanmpsvc.exe

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

c:\windows\stsystra.exe

c:\windows\system32\msdtc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-03-03 18:09:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-03 23:09

ComboFix2.txt 2012-02-21 20:37

ComboFix3.txt 2012-02-16 02:12

.

Pre-Run: 108,708,843,520 bytes free

Post-Run: 108,785,934,336 bytes free

.

- - End Of File - - C41CBEEFA761411475E57FF2E3CFAFAD

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.03.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Ekenbarger's :: JAM1 [administrator]

3/3/2012 6:24:34 PM

mbam-log-2012-03-03 (18-24-34).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 311000

Time elapsed: 44 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, now let's do a follow-up run of TDSSKiller.

Please read carefully and follow these steps.

  • Delete previous copy of Tdsskiller.zip & Tdsskiller.exe
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Hi,

No threats found. Here is the log. Thxs. CAE

13:11:46.0890 7624 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

13:11:47.0218 7624 ============================================================

13:11:47.0218 7624 Current date / time: 2012/03/04 13:11:47.0218

13:11:47.0218 7624 SystemInfo:

13:11:47.0218 7624

13:11:47.0218 7624 OS Version: 5.1.2600 ServicePack: 3.0

13:11:47.0218 7624 Product type: Workstation

13:11:47.0218 7624 ComputerName: JAM1

13:11:47.0218 7624 UserName: Ekenbarger's

13:11:47.0218 7624 Windows directory: C:\WINDOWS

13:11:47.0218 7624 System windows directory: C:\WINDOWS

13:11:47.0218 7624 Processor architecture: Intel x86

13:11:47.0218 7624 Number of processors: 2

13:11:47.0218 7624 Page size: 0x1000

13:11:47.0218 7624 Boot type: Normal boot

13:11:47.0218 7624 ============================================================

13:11:47.0687 7624 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:11:47.0703 7624 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:11:47.0718 7624 \Device\Harddisk0\DR0:

13:11:47.0718 7624 MBR used

13:11:47.0718 7624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x12327F3C

13:11:47.0718 7624 \Device\Harddisk1\DR1:

13:11:47.0718 7624 MBR used

13:11:47.0718 7624 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

13:11:47.0828 7624 Initialize success

13:11:47.0828 7624 ============================================================

13:11:56.0171 7460 ============================================================

13:11:56.0171 7460 Scan started

13:11:56.0171 7460 Mode: Manual;

13:11:56.0171 7460 ============================================================

13:11:56.0828 7460 Scan interrupted by user!

13:11:56.0828 7460 Scan interrupted by user!

13:11:56.0828 7460 Scan interrupted by user!

13:11:56.0828 7460 ============================================================

13:11:56.0828 7460 Scan finished

13:11:56.0828 7460 ============================================================

13:11:56.0843 7440 Detected object count: 0

13:11:56.0843 7440 Actual detected object count: 0

13:12:31.0609 7476 ============================================================

13:12:31.0609 7476 Scan started

13:12:31.0609 7476 Mode: Manual;

13:12:31.0609 7476 ============================================================

13:12:48.0171 7476 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0

13:12:48.0203 7476 \Device\Harddisk0\DR0 - ok

13:12:48.0203 7476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1

13:12:48.0203 7476 \Device\Harddisk1\DR1 - ok

13:12:48.0218 7476 Boot (0x1200) (750a31ed83f6b4d7ea53cc00c6315a26) \Device\Harddisk0\DR0\Partition0

13:12:48.0234 7476 \Device\Harddisk0\DR0\Partition0 - ok

13:12:48.0234 7476 Boot (0x1200) (fe5a37ecfc9d550099d7fe5d7d31efb7) \Device\Harddisk1\DR1\Partition0

13:12:48.0234 7476 \Device\Harddisk1\DR1\Partition0 - ok

13:12:48.0234 7476 ============================================================

13:12:48.0234 7476 Scan finished

13:12:48.0234 7476 ============================================================

13:12:48.0234 7988 Detected object count: 0

13:12:48.0234 7988 Actual detected object count: 0


OK, that was a much better run of TDSSKILLER.

The following is adapted from a post by Grinler at BC forum:

The malware may have disabled menu items from appearing on the Windows XP Start menu.

The start button for Windows XP looks like windows-xp.jpg.

To add these items back, please Right-click on the Start button and select Properties.

You will now be at the Taskbar and Start Menu Properties screen. Select the Start Menu tab and then click on the Customize button. If in Windows XP, you will now need to click on the Advanced tab. You will now be presented with a variety of menus and shortcuts that can be added back to the Windows Start Menu.

Please select the various items you would like to add and then click on the OK button. Then press the Apply button and close the Start Menu properties screen.
