Jump to content

Missing Desktop Icons/Empty Start Menu & Folders

cwjme

By cwjme
in Resolved Malware Removal Logs

 Share

Recommended Posts

cwjme

cwjme

Posted
Posted

Hi,

Desktop is clear of icons, Start Menu and folders empty. Tried running Malwarebytes from flash drive without luck. Started in Safe Mode but Malwarebytes failed on install.

Ran and am including DDS files.

Thank-you for your help.

Chris

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 10:15:47 on 2012-03-23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.3024 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\WINDOWS\system32\igfxsrvc.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237904923229

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://portal.llbean.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {4761C70A-A938-4A19-8E9D-CED94F4858E5} - rundll32.exe "c:\documents and settings\brian johnson\application data\sun\htqx2.dll", UnregisterDll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\19zfxalv.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-1 11608]

S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2011-5-10 279552]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-1 136360]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-1 269480]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-1 66616]

S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2011-5-10 25984]

S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2009-12-28 906368]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-20 39984]

.

=============== Created Last 30 ================

.

2012-03-23 14:15:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe

2012-03-21 00:56:58 860672 ----a-w- c:\documents and settings\all users\application data\isecurity.exe

2012-03-21 00:36:13 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

.

==================== Find3M ====================

.

2012-03-23 14:12:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-10 13:35:14 365104 ---ha-w- c:\documents and settings\all users\application data\Vk3rxx1jwxy8pD.exe

.

============= FINISH: 10:17:07.17 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/23/2010 4:15:28 PM

System Uptime: 3/23/2012 10:13:22 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0RY007

Processor: Intel Pentium III Xeon processor | Socket 775 | 2660/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 586 GiB total, 344.536 GiB free.

D: is Removable

E: is Removable

F: is Removable

G: is Removable

H: is FIXED (NTFS) - 10 GiB total, 4.737 GiB free.

I: is CDROM ()

J: is CDROM (CDFS)

L: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP445: 10/13/2011 6:08:23 AM - System Checkpoint

RP446: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0

RP447: 10/15/2011 3:00:16 AM - Software Distribution Service 3.0

RP448: 10/16/2011 3:07:59 AM - System Checkpoint

RP449: 10/17/2011 4:07:58 AM - System Checkpoint

RP450: 10/18/2011 5:36:00 AM - System Checkpoint

RP451: 10/19/2011 7:21:24 AM - System Checkpoint

RP452: 10/20/2011 7:28:42 AM - System Checkpoint

RP453: 10/21/2011 7:52:39 AM - System Checkpoint

RP454: 10/22/2011 10:34:24 AM - System Checkpoint

RP455: 10/23/2011 11:49:35 AM - System Checkpoint

RP456: 10/24/2011 2:16:55 PM - System Checkpoint

RP457: 10/25/2011 4:20:13 PM - System Checkpoint

RP458: 10/26/2011 4:52:48 PM - System Checkpoint

RP459: 10/27/2011 7:40:52 PM - System Checkpoint

RP460: 10/28/2011 7:49:30 PM - System Checkpoint

RP461: 10/29/2011 10:09:56 PM - System Checkpoint

RP462: 10/30/2011 11:34:11 PM - System Checkpoint

RP463: 10/31/2011 11:36:39 PM - System Checkpoint

RP464: 11/2/2011 1:37:46 AM - System Checkpoint

RP465: 11/3/2011 2:36:40 AM - System Checkpoint

RP466: 11/4/2011 3:12:40 AM - System Checkpoint

RP467: 11/5/2011 4:43:10 AM - System Checkpoint

RP468: 11/6/2011 4:31:32 AM - System Checkpoint

RP469: 11/7/2011 4:35:12 AM - System Checkpoint

RP470: 11/8/2011 5:57:13 AM - System Checkpoint

RP471: 11/10/2011 9:07:16 PM - System Checkpoint

RP472: 11/11/2011 3:00:17 AM - Software Distribution Service 3.0

RP473: 11/12/2011 3:03:47 AM - System Checkpoint

RP474: 11/14/2011 9:47:13 PM - System Checkpoint

RP475: 11/15/2011 10:32:53 PM - System Checkpoint

RP476: 11/17/2011 12:49:21 AM - System Checkpoint

RP477: 11/18/2011 2:08:06 AM - System Checkpoint

RP478: 11/22/2011 11:49:48 AM - System Checkpoint

RP479: 11/23/2011 3:39:44 PM - System Checkpoint

RP480: 11/24/2011 7:05:00 PM - System Checkpoint

RP481: 11/25/2011 7:20:08 PM - System Checkpoint

RP482: 11/26/2011 7:37:24 PM - System Checkpoint

RP483: 11/27/2011 9:11:15 PM - System Checkpoint

RP484: 11/28/2011 10:28:36 PM - System Checkpoint

RP485: 11/29/2011 11:58:54 PM - System Checkpoint

RP486: 12/1/2011 12:54:55 AM - System Checkpoint

RP487: 12/2/2011 2:56:14 AM - System Checkpoint

RP488: 12/3/2011 3:03:46 AM - System Checkpoint

RP489: 12/4/2011 5:42:34 AM - System Checkpoint

RP490: 12/5/2011 7:57:54 AM - System Checkpoint

RP491: 12/6/2011 8:19:27 AM - System Checkpoint

RP492: 12/7/2011 9:58:47 PM - System Checkpoint

RP493: 12/8/2011 10:16:08 PM - System Checkpoint

RP494: 12/10/2011 12:24:35 AM - System Checkpoint

RP495: 12/11/2011 2:51:29 AM - System Checkpoint

RP496: 12/12/2011 4:09:54 AM - System Checkpoint

RP497: 12/13/2011 10:57:47 AM - System Checkpoint

RP498: 12/18/2011 1:58:28 PM - Software Distribution Service 3.0

RP499: 12/21/2011 7:19:47 AM - System Checkpoint

RP500: 12/22/2011 10:00:37 AM - System Checkpoint

RP501: 12/26/2011 6:03:52 PM - Installed iTunes

RP502: 12/27/2011 8:17:50 PM - System Checkpoint

RP503: 12/28/2011 9:17:29 PM - System Checkpoint

RP504: 12/30/2011 2:50:38 PM - System Checkpoint

RP505: 12/31/2011 4:59:17 PM - System Checkpoint

RP506: 1/1/2012 5:43:31 PM - System Checkpoint

RP507: 1/1/2012 6:12:50 PM - Installed Router

RP508: 1/2/2012 6:31:11 PM - System Checkpoint

RP509: 1/3/2012 7:13:37 PM - System Checkpoint

RP510: 1/5/2012 6:51:40 PM - System Checkpoint

RP511: 1/6/2012 6:56:04 PM - System Checkpoint

RP512: 1/7/2012 7:56:05 PM - System Checkpoint

RP513: 1/8/2012 7:56:40 PM - System Checkpoint

RP514: 1/9/2012 8:56:25 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.3

Adobe Shockwave Player 11.5

AIM 6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avidemux 2.5

Avira AntiVir Personal - Free Antivirus

Bonjour

Brother MFL-Pro Suite

CCH Small Firm Services (xulRunner)

CCleaner (remove only)

Compatibility Pack for the 2007 Office system

Conexant D850 PCI V.92 Modem

Content Transfer

ConvertHelper 2.2

Corel Paint Shop Pro X

DeductionPro 2009

Dell ResourceCD

Digital Line Detect

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Download Updater (AOL LLC)

eDATA Unerase

Free Video Converter V 2.92

FrostWire 4.21.3

FrostWire 5.0.7

FxFoto by Triscape

Giganews Accelerator

Google Earth

H&R Block Business 2009 (Remove Only)

H&R Block Deluxe + Efile + State 2010

H&R Block Maine 2009

H&R Block Maine 2010

H&R Block Premium + Efile + State 2009

honestech TVR

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Hulu Downloader 2.4.5.8

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections 12.1.12.0

InterActual Player

InterVideo DeviceService

InterVideo WinDVR 3

iriver Firmware Updater (remove only)

iTunes

Java Auto Updater

Java 6 Update 26

Juniper Networks Setup Client Activex Control

K-Lite Codec Pack 7.1.0 (Basic)

Linksys EasyLink Advisor

Malwarebytes' Anti-Malware version 1.51.0.1200

MetaProducts Offline Explorer Pro

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows XP Video Decoder Checkup Utility

MobileMe Control Panel

Mozilla Firefox (3.6.25)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

NWZ-S540 WALKMAN Guide

PaperPort

PCFriendly

Pdf995 (installed by H&R Block)

PdfEdit995 (installed by H&R Block)

PIXresizer 2.0.1

Pure Networks Platform

QuickTime

Realtek High Definition Audio Driver

Safari

Seagate Dashboard

SeaWorld Adventure Park Tycoon

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SmartSound Quicktracks Plugin

Sony USB Driver

Sothink FLV Player

Spotify

Spybot - Search & Destroy

TaxCut Business 2008 (Remove Only)

TaxCut Maine 2008

TaxCut Premium + State + Efile 2008

Triscape FxFoto

Ulead VideoStudio 10

Uninstall 1.0.0.1

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

virtualStudio 1.0.36

WebEx Support Manager for Internet Explorer

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

WinRAR 4.01 (32-bit)

WorldWinner Games

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

3/20/2012 8:36:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss ssmdrv Tcpip WudfPf

3/20/2012 8:36:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

3/20/2012 8:36:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/20/2012 8:36:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/20/2012 8:36:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

3/20/2012 8:36:43 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/20/2012 8:36:43 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/20/2012 8:36:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/20/2012 8:36:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/20/2012 8:36:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

3/19/2012 6:48:47 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

3/19/2012 1:22:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: WudfPf

3/19/2012 1:22:07 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.

3/19/2012 1:22:07 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.

3/19/2012 1:21:55 PM, error: SRService [104] - The System Restore initialization process failed.

3/18/2012 8:36:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001D099D3531 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Chris! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Use Normal mode for the following steps.

Step 1

Please uninstall the following applications: FrostWire 4.21.3 and FrostWire 5.0.7 , because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Step 3

Why you trying to install Malwarebytes' Anti-Malware? You still have it: Malwarebytes' Anti-Malware version 1.51.0.1200.

Follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434002

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

Malwarebytes Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: v0000.00.00.00

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Chris :: HOME [administrator]

3/23/2012 8:43:16 PM

mbam-log-2012-03-23 (20-43-16).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198446

Time elapsed: 2 hour(s), 41 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

******************************************************************************************************************************************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 9:20:29 on 2012-03-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.3035 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237904923229

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://portal.llbean.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {4761C70A-A938-4A19-8E9D-CED94F4858E5} - rundll32.exe "c:\documents and settings\brian johnson\application data\sun\htqx2.dll", UnregisterDll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\19zfxalv.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-1 11608]

S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2011-5-10 279552]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-1 136360]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-1 269480]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-1 66616]

S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2011-5-10 25984]

S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2009-12-28 906368]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]

.

=============== Created Last 30 ================

.

2012-03-23 14:15:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe

2012-03-21 00:36:13 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

.

==================== Find3M ====================

.

2012-03-23 14:12:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

.

============= FINISH: 9:20:40.98 ===============

I tried reinstalling Malwarebytes because I couldn't see the original file to run it. I thought if I reinstalled it I could run it successfully.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Something is wrong with your log file. Please do the following:

Step 1


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Chris :: HOME [administrator]

3/24/2012 5:54:08 PM

mbam-log-2012-03-24 (17-54-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 292206

Time elapsed: 28 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4761C70A-A938-4A19-8E9D-CED94F4858E5} (Trojan.Ambler) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{4761C70A-A938-4A19-8E9D-CED94F4858E5} (Trojan.Ambler) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Brian Johnson\Local Settings\Application Data\slv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Brian Johnson\Local Settings\Application Data\slv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Brian Johnson\Local Settings\Application Data\slv.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 11

C:\Documents and Settings\Brian Johnson\Local Settings\temp\0.25033541696070427.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Local Settings\temp\1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Local Settings\temp\jar_cache9083930586224220044.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\hdd32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Local Settings\Application Data\slv.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Application Data\Sun\ddee.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Application Data\Sun\mnj.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Application Data\Sun\mxd1.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Application Data\Sun\ppkk.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brian Johnson\Application Data\Sun\uuoo.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\jleq0.6215573607509476.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.

(end)

************************************************************************************************************************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Chris at 18:28:23 on 2012-03-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2697 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\java.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.15)_Gecko/20110303_Firefox/3.6.15_(_.NET_CLR_3.5.30729)" -"http://www.candystand.com/play-random-game?utm_source=adon_113643_301&utm_medium=cpc&utm_campaign=test#"

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: + Offline &Explorer: Download the link - file://c:\documents and settings\chris\desktop\misc\programs\offline explorer pro\offline explorer enterprise\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\documents and settings\chris\desktop\misc\programs\offline explorer pro\offline explorer enterprise\Add_AllO.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: llbean.com

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237904923229

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://portal.llbean.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\65yumn1j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: XULRunner: {83FEA686-C28B-437B-B276-01A4D5FB1548} - c:\documents and settings\chris\local settings\application data\{83FEA686-C28B-437B-B276-01A4D5FB1548}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-1 11608]

R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2011-5-10 279552]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-1 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-1 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-1 66616]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2011-5-10 25984]

S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2009-12-28 906368]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]

.

=============== Created Last 30 ================

.

2012-03-24 21:53:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-24 21:53:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-03-24 22:24:44 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

.

============= FINISH: 18:29:34.01 ===============

I can now see my desktop icons.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Very good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

It just completed a few minutes ago. The file is huge, so I'm trying to split it.

ComboFix 12-03-22.01 - Chris 03/24/2012 21:18:20.12.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2887 [GMT -4:00]

Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

c:\windows\$NtUninstallKB9954$\2711218773

c:\windows\$NtUninstallKB9954$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))

.

.

2012-03-25 00:04 . 2008-04-14 04:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-03-24 21:53 . 2012-03-24 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-24 21:53 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 14:15 . 2012-03-23 14:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2012-03-21 00:36 . 2012-03-21 00:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-03-21 00:28 . 2012-03-21 00:28 -------- d-----w- c:\documents and settings\Chris\Application Data\U3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot_2010-06-18_21.17.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

- 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2007-11-07 02:51 . 2007-11-07 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll

- 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll

+ 2007-11-07 02:51 . 2007-11-07 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll

- 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll

+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll

+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll

+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll

+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\escndvrs.dll

+ 2011-11-15 16:05 . 2005-08-29 05:00 98304 c:\windows\twain_32\ESCNDV\ES0054\FFMT\espimtif.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eptifres.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 94208 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eptif.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eppitres.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 86016 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eppit.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eppijres.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 86016 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eppij.dll

+ 2011-11-15 16:05 . 2006-04-17 05:00 49152 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eppdfres.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epmtfres.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 94208 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epmtf.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epjpgres.dll

+ 2011-11-15 16:05 . 2006-02-15 05:00 98304 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epipd.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 45056 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epbmpres.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 73728 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epbmp.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 40960 c:\windows\twain_32\ESCNDV\ES0054\estwm.exe

+ 2011-11-15 16:05 . 2005-09-27 05:00 53248 c:\windows\twain_32\ESCNDV\ES0054\esicm.dll

+ 2011-11-15 16:05 . 2003-12-09 05:00 53248 c:\windows\twain_32\ESCNDV\ES0054\esicemsk.dll

+ 2011-11-15 16:05 . 2003-07-28 05:00 65536 c:\windows\twain_32\ESCNDV\ES0054\esicelut.dll

+ 2011-11-15 16:05 . 2006-01-19 05:00 94208 c:\windows\twain_32\ESCNDV\ES0054\esdtr2.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 49152 c:\windows\twain_32\ESCNDV\ES0054\esdscl.dll

+ 2011-11-15 16:05 . 2006-03-10 05:00 77824 c:\windows\twain_32\ESCNDV\ES0054\esddc.dll

+ 2011-11-15 16:05 . 1999-12-07 07:03 73216 c:\windows\twain_32\ESCNDV\ES0054\ade.dll

+ 2012-03-25 11:40 . 2012-03-25 11:40 16384 c:\windows\temp\Perflib_Perfdata_62c.dat

- 2008-11-12 22:36 . 2004-08-12 14:07 15360 c:\windows\TASKMAN.EXE

+ 2004-08-12 14:07 . 2004-08-12 14:07 15360 c:\windows\taskman.exe

- 2007-07-31 00:19 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll

+ 2009-08-06 23:24 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll

+ 2005-01-28 18:44 . 2006-05-10 00:58 13312 c:\windows\system32\wpdtrace.dll

+ 2006-10-19 02:47 . 2009-01-31 00:35 38400 c:\windows\system32\wpdshextres.dll

- 2006-10-19 02:47 . 2006-10-19 01:47 38400 c:\windows\system32\wpdshextres.dll

+ 2006-10-19 01:00 . 2009-01-30 22:21 17408 c:\windows\system32\wpdshextautoplay.exe

- 2006-10-19 01:00 . 2006-10-19 01:00 17408 c:\windows\system32\wpdshextautoplay.exe

- 2005-01-28 18:44 . 2006-10-19 02:47 63488 c:\windows\system32\wpdmtpus.dll

+ 2005-01-28 18:44 . 2009-01-31 01:35 63488 c:\windows\system32\wpdmtpus.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 35840 c:\windows\system32\wpdconns.dll

+ 2005-01-28 18:44 . 2009-01-31 01:35 35840 c:\windows\system32\wpdconns.dll

+ 2009-03-22 04:25 . 1999-09-10 16:06 45056 c:\windows\system32\wnaspi32.dll

- 2009-03-22 04:25 . 2007-02-06 19:01 45056 c:\windows\system32\wnaspi32.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 99840 c:\windows\system32\wmpshell.dll

+ 2008-04-14 09:42 . 2009-01-31 00:34 99840 c:\windows\system32\wmpshell.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 37376 c:\windows\system32\wmdmps.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 37376 c:\windows\system32\wmdmps.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 33792 c:\windows\system32\wmdmlog.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 33792 c:\windows\system32\wmdmlog.dll

+ 2010-12-15 03:16 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll

- 2008-04-14 05:42 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud.drv

+ 2008-04-14 05:42 . 2008-04-14 09:51 23552 c:\windows\system32\wdmaud.drv

+ 2008-11-13 23:13 . 2008-04-14 09:42 53760 c:\windows\system32\vfwwdm32.dll

- 2008-11-13 23:13 . 2008-04-14 10:42 53760 c:\windows\system32\vfwwdm32.dll

- 2008-11-12 22:37 . 2008-04-14 10:42 74240 c:\windows\system32\usbui.dll

+ 2008-04-14 05:42 . 2008-04-14 09:51 74240 c:\windows\system32\usbui.dll

- 2008-04-14 09:42 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

+ 2008-04-14 09:42 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe

+ 2011-04-14 02:21 . 1998-07-13 04:00 21504 c:\windows\system32\TABCTFR.DLL

+ 2008-04-14 09:42 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll

+ 2010-06-23 20:04 . 2004-08-12 14:06 24661 c:\windows\system32\spxcoins.dll

- 2008-11-12 22:36 . 2004-08-12 14:06 24661 c:\windows\system32\spxcoins.dll

+ 2008-11-14 04:36 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe

+ 2008-04-14 09:42 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe

+ 2011-08-16 07:03 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll

- 2009-03-24 14:25 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll

- 2010-04-01 00:08 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

+ 2011-04-14 07:01 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll

+ 2011-12-26 22:59 . 2011-05-10 12:06 42496 c:\windows\system32\ReinstallBackups\0000\DriverFiles\usbaapl.sys

+ 2007-11-14 19:08 . 2010-08-12 04:07 68592 c:\windows\system32\pxinsa64.exe

+ 2008-11-23 04:31 . 2010-08-12 04:07 72176 c:\windows\system32\pxhpinst.exe

+ 2011-05-10 12:15 . 2008-06-17 07:10 61440 c:\windows\system32\Prop713x.dll

+ 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll

+ 2008-04-14 09:42 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll

+ 2004-08-12 14:03 . 2012-03-13 17:20 68834 c:\windows\system32\perfc009.dat

+ 2004-08-12 14:02 . 2011-09-26 15:41 20480 c:\windows\system32\oleaccrc.dll

- 2006-06-29 12:05 . 2006-06-29 12:05 23552 c:\windows\system32\normaliz.dll

+ 2006-06-29 12:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll

+ 2006-06-28 21:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll

- 2006-06-28 21:59 . 2006-06-28 21:59 24576 c:\windows\system32\nlsdl.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 11600 c:\windows\system32\mui\0409\mscorees.dll

+ 2008-04-14 09:42 . 2008-08-28 07:46 74752 c:\windows\system32\msw3prt.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 27136 c:\windows\system32\mspmsnsv.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 27136 c:\windows\system32\mspmsnsv.dll

+ 2008-04-14 09:42 . 2008-04-14 09:42 40960 c:\windows\system32\msiregmv.exe

+ 2008-04-14 01:56 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll

- 2008-04-14 01:56 . 2007-08-13 22:01 48128 c:\windows\system32\mshtmler.dll

+ 2008-04-14 09:42 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll

- 2008-04-14 09:42 . 2007-08-13 22:32 45568 c:\windows\system32\mshta.exe

+ 2008-04-14 09:42 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe

+ 2007-08-13 22:36 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe

+ 2007-08-13 22:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll

+ 2011-04-14 02:21 . 1998-07-13 04:00 59904 c:\windows\system32\Mscc2fr.dll

+ 2008-04-14 09:41 . 2011-11-04 19:20 43520 c:\windows\system32\licmgr10.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 11264 c:\windows\system32\LAPRXY.dll

+ 2008-04-14 09:41 . 2009-01-31 01:33 11264 c:\windows\system32\LAPRXY.dll

+ 2008-04-14 09:41 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll

+ 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows\system32\jdns_sd.dll

+ 2008-11-13 03:42 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll

- 2008-11-13 03:42 . 2008-04-14 09:41 81920 c:\windows\system32\isign32.dll

+ 2010-06-23 20:04 . 2004-08-12 13:58 13312 c:\windows\system32\irclass.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 13312 c:\windows\system32\irclass.dll

+ 2008-04-14 09:41 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll

+ 2008-04-14 09:41 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll

+ 2007-08-13 22:39 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe

+ 2008-04-14 09:41 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll

+ 2008-04-14 09:41 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll

+ 2006-06-29 12:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll

- 2006-06-29 12:05 . 2006-06-29 12:05 26112 c:\windows\system32\idndl.dll

- 2008-04-14 09:41 . 2008-04-14 09:41 80384 c:\windows\system32\iccvid.dll

+ 2008-04-14 09:41 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll

+ 2007-08-13 22:36 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll

+ 2008-04-14 09:41 . 2008-04-14 09:41 55808 c:\windows\system32\extmgr.dll

+ 2011-11-15 16:05 . 2006-03-22 05:00 64512 c:\windows\system32\eswia54.dll

+ 2011-11-15 16:05 . 2006-05-23 05:00 65793 c:\windows\system32\esfw54.bin

+ 2008-11-13 03:42 . 2010-06-23 20:11 22720 c:\windows\system32\emptyregdb.dat

+ 2006-05-10 00:57 . 2006-05-10 00:57 11264 c:\windows\system32\ehETW.dll

+ 2011-12-26 22:59 . 2011-05-10 12:06 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys

+ 2011-12-26 23:00 . 2011-05-10 12:06 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys

+ 2005-01-28 18:44 . 2009-01-30 22:20 38528 c:\windows\system32\drivers\wpdusb.sys

- 2005-01-28 18:44 . 2006-10-19 01:00 38528 c:\windows\system32\drivers\wpdusb.sys

+ 2011-05-10 12:20 . 2008-06-17 07:10 25984 c:\windows\system32\drivers\WDMTuner.sys

+ 2008-04-14 00:47 . 2008-04-14 09:51 83072 c:\windows\system32\drivers\wdmaud.sys

- 2008-11-13 03:56 . 2008-04-14 05:47 83072 c:\windows\system32\drivers\wdmaud.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 42240 c:\windows\system32\drivers\viaagp.sys

- 2008-04-14 04:15 . 2008-04-14 05:15 20608 c:\windows\system32\drivers\usbuhci.sys

+ 2008-04-14 04:15 . 2008-04-14 04:15 20608 c:\windows\system32\drivers\usbuhci.sys

- 2008-04-14 04:15 . 2008-04-14 05:15 59520 c:\windows\system32\drivers\usbhub.sys

+ 2008-04-14 04:15 . 2008-04-14 04:15 59520 c:\windows\system32\drivers\usbhub.sys

- 2008-04-14 04:15 . 2008-04-14 05:15 30208 c:\windows\system32\drivers\usbehci.sys

+ 2008-04-14 04:15 . 2008-04-14 04:15 30208 c:\windows\system32\drivers\usbehci.sys

- 2008-11-13 23:08 . 2008-04-14 05:15 32128 c:\windows\system32\drivers\usbccgp.sys

+ 2008-04-14 04:15 . 2008-04-14 04:15 32128 c:\windows\system32\drivers\usbccgp.sys

+ 2010-06-30 03:01 . 2011-05-10 12:06 42496 c:\windows\system32\drivers\usbaapl.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 44672 c:\windows\system32\drivers\uagp35.sys

- 2008-11-13 03:55 . 2008-04-14 05:45 60800 c:\windows\system32\drivers\sysaudio.sys

+ 2008-04-14 00:45 . 2008-04-14 09:51 60800 c:\windows\system32\drivers\sysaudio.sys

+ 2008-04-14 00:15 . 2008-04-14 09:51 56576 c:\windows\system32\drivers\swmidi.sys

- 2008-11-13 03:56 . 2008-04-14 05:15 56576 c:\windows\system32\drivers\swmidi.sys

+ 2008-04-14 04:16 . 2008-04-14 04:16 15232 c:\windows\system32\drivers\streamip.sys

- 2008-11-13 23:13 . 2008-04-14 05:16 15232 c:\windows\system32\drivers\StreamIP.sys

+ 2008-04-14 00:15 . 2008-04-14 09:51 49408 c:\windows\system32\drivers\stream.sys

- 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\drivers\stream.sys

+ 2008-04-14 04:16 . 2008-04-14 04:16 11136 c:\windows\system32\drivers\slip.sys

- 2008-11-13 23:13 . 2008-04-14 05:16 11136 c:\windows\system32\drivers\SLIP.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 40960 c:\windows\system32\drivers\sisagp.sys

+ 2007-11-14 08:00 . 2010-08-12 04:07 45648 c:\windows\system32\drivers\pxhelp20.sys

- 2008-04-14 04:10 . 2008-04-14 05:10 24960 c:\windows\system32\drivers\pciidex.sys

+ 2008-04-14 04:10 . 2008-04-14 04:10 24960 c:\windows\system32\drivers\pciidex.sys

- 2008-04-14 04:06 . 2008-04-14 05:06 68224 c:\windows\system32\drivers\pci.sys

+ 2008-04-14 04:06 . 2008-04-14 04:06 68224 c:\windows\system32\drivers\pci.sys

+ 2008-04-14 04:16 . 2008-04-14 04:16 61696 c:\windows\system32\drivers\ohci1394.sys

- 2009-03-01 01:44 . 2008-04-14 05:16 61696 c:\windows\system32\drivers\ohci1394.sys

+ 2008-04-14 04:27 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys

+ 2008-04-14 04:27 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys

- 2008-11-13 23:13 . 2008-04-14 05:16 10880 c:\windows\system32\drivers\NdisIP.sys

+ 2008-04-14 00:16 . 2008-04-14 09:51 10880 c:\windows\system32\drivers\ndisip.sys

- 2009-12-29 02:16 . 2008-04-14 05:16 15232 c:\windows\system32\drivers\MPE.sys

+ 2008-04-14 00:16 . 2008-04-14 09:51 15232 c:\windows\system32\drivers\mpe.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 46464 c:\windows\system32\drivers\gagp30kx.sys

- 2008-11-13 03:55 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys

+ 2008-04-14 00:15 . 2008-04-14 09:51 60160 c:\windows\system32\drivers\drmk.sys

+ 2008-04-14 04:10 . 2008-04-14 04:10 62976 c:\windows\system32\drivers\cdrom.sys

- 2008-04-14 04:10 . 2010-03-24 23:52 62976 c:\windows\system32\drivers\cdrom.sys

+ 2008-04-14 00:16 . 2008-04-14 09:51 11776 c:\windows\system32\drivers\bdasup.sys

- 2009-12-29 02:15 . 2008-04-14 05:16 11776 c:\windows\system32\drivers\BdaSup.sys

+ 2006-07-13 07:40 . 2006-07-13 07:40 48640 c:\windows\system32\drivers\B10USBDMB.sys

+ 2008-04-14 04:10 . 2008-04-14 04:10 96512 c:\windows\system32\drivers\atapi.sys

- 2008-04-14 04:10 . 2008-04-14 05:10 96512 c:\windows\system32\drivers\atapi.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 43008 c:\windows\system32\drivers\amdagp.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 42752 c:\windows\system32\drivers\alim1541.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 44928 c:\windows\system32\drivers\agpcpq.sys

+ 2008-04-14 00:06 . 2008-04-14 09:51 42368 c:\windows\system32\drivers\agp440.sys

+ 2008-04-14 04:16 . 2008-04-14 04:16 53376 c:\windows\system32\drivers\1394bus.sys

- 2009-03-01 01:44 . 2008-04-14 05:16 53376 c:\windows\system32\drivers\1394bus.sys

+ 2010-11-12 00:44 . 2010-11-12 00:44 94208 c:\windows\system32\dpl100.dll

+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows\system32\dnssd.dll

+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll

- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dnsrslvr.dll

+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows\system32\dns-sd.exe

+ 2010-11-16 16:13 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2008-04-14 09:42 . 2009-01-31 00:34 99840 c:\windows\system32\dllcache\wmpshell.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 99840 c:\windows\system32\dllcache\wmpshell.dll

+ 2008-11-13 03:42 . 2009-01-31 00:30 64512 c:\windows\system32\dllcache\wmplayer.exe

- 2008-11-13 03:42 . 2006-10-19 02:47 96256 c:\windows\system32\dllcache\wmpband.dll

+ 2008-11-13 03:42 . 2009-01-31 00:34 96256 c:\windows\system32\dllcache\wmpband.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 37376 c:\windows\system32\dllcache\wmdmps.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 37376 c:\windows\system32\dllcache\wmdmps.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 33792 c:\windows\system32\dllcache\wmdmlog.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 33792 c:\windows\system32\dllcache\wmdmlog.dll

- 2008-11-13 03:45 . 2002-09-03 17:11 31232 c:\windows\system32\dllcache\weitekp9.sys

+ 2010-06-23 20:15 . 2004-08-12 14:09 31232 c:\windows\system32\dllcache\weitekp9.sys

+ 2010-06-23 20:15 . 2004-08-12 14:09 41600 c:\windows\system32\dllcache\weitekp9.dll

- 2008-11-13 03:45 . 2002-09-03 17:11 41600 c:\windows\system32\dllcache\weitekp9.dll

+ 2008-11-13 03:42 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe

+ 2010-06-23 20:15 . 2004-08-12 14:08 48256 c:\windows\system32\dllcache\w32.dll

- 2008-11-13 03:45 . 2002-09-03 17:10 48256 c:\windows\system32\dllcache\w32.dll

- 2008-11-13 03:45 . 2008-04-14 09:41 86073 c:\windows\system32\dllcache\voicesub.dll

+ 2010-06-23 20:15 . 2008-04-14 09:41 86073 c:\windows\system32\dllcache\voicesub.dll

- 2008-11-13 23:13 . 2008-04-14 10:42 53760 c:\windows\system32\dllcache\vfwwdm32.dll

+ 2008-11-13 23:13 . 2008-04-14 09:42 53760 c:\windows\system32\dllcache\vfwwdm32.dll

+ 2008-04-14 05:42 . 2008-04-14 09:51 74240 c:\windows\system32\dllcache\usbui.dll

- 2008-11-12 22:37 . 2008-04-14 10:42 74240 c:\windows\system32\dllcache\usbui.dll

+ 2010-06-23 20:15 . 2008-04-14 09:41 76288 c:\windows\system32\dllcache\uniime.dll

- 2008-11-13 03:45 . 2008-04-14 09:41 76288 c:\windows\system32\dllcache\uniime.dll

+ 2010-06-23 20:15 . 2004-08-12 14:07 14336 c:\windows\system32\dllcache\tsprof.exe

- 2008-11-13 03:45 . 2002-09-03 17:07 14336 c:\windows\system32\dllcache\tsprof.exe

- 2008-11-13 03:45 . 2008-04-14 09:41 10240 c:\windows\system32\dllcache\tmigrate.dll

+ 2010-06-23 20:15 . 2008-04-14 09:41 10240 c:\windows\system32\dllcache\tmigrate.dll

+ 2010-06-23 20:15 . 2008-04-14 02:13 44032 c:\windows\system32\dllcache\tintlphr.exe

- 2008-11-13 03:45 . 2002-09-03 16:26 44032 c:\windows\system32\dllcache\tintlphr.exe

+ 2010-06-23 20:15 . 2004-08-12 14:07 19464 c:\windows\system32\dllcache\tdspx.sys

- 2008-11-13 03:45 . 2002-09-03 17:06 19464 c:\windows\system32\dllcache\tdspx.sys

+ 2010-06-23 20:15 . 2004-08-12 14:07 21896 c:\windows\system32\dllcache\tdipx.sys

- 2008-11-13 03:45 . 2002-09-03 17:06 21896 c:\windows\system32\dllcache\tdipx.sys

- 2008-11-13 03:45 . 2002-09-03 17:06 13192 c:\windows\system32\dllcache\tdasync.sys

+ 2010-06-23 20:15 . 2004-08-12 14:07 13192 c:\windows\system32\dllcache\tdasync.sys

- 2008-11-13 03:44 . 2003-03-24 21:52 16384 c:\windows\system32\dllcache\tcptsat.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 16384 c:\windows\system32\dllcache\tcptsat.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 32827 c:\windows\system32\dllcache\tcptest.exe

- 2008-11-13 03:44 . 2003-03-24 21:52 32827 c:\windows\system32\dllcache\tcptest.exe

+ 2004-08-12 14:07 . 2004-08-12 14:07 15360 c:\windows\system32\dllcache\taskman.exe

- 2008-11-12 22:36 . 2004-08-12 14:07 15360 c:\windows\system32\dllcache\taskman.exe

+ 2008-04-14 09:42 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll

- 2008-11-12 22:36 . 2004-08-12 14:06 24661 c:\windows\system32\dllcache\spxcoins.dll

+ 2010-06-23 20:04 . 2004-08-12 14:06 24661 c:\windows\system32\dllcache\spxcoins.dll

+ 2008-04-14 09:42 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

- 2008-11-13 03:45 . 2008-04-14 09:42 39936 c:\windows\system32\dllcache\snmpthrd.dll

+ 2010-06-23 20:15 . 2008-04-14 09:42 39936 c:\windows\system32\dllcache\snmpthrd.dll

- 2008-11-13 03:45 . 2002-09-03 17:03 10240 c:\windows\system32\dllcache\snmpstup.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 10240 c:\windows\system32\dllcache\snmpstup.dll

+ 2010-06-23 20:15 . 2008-04-14 09:42 33280 c:\windows\system32\dllcache\snmp.exe

- 2008-11-13 03:45 . 2008-04-14 09:42 33280 c:\windows\system32\dllcache\snmp.exe

+ 2010-06-23 20:15 . 2004-08-12 14:05 15872 c:\windows\system32\dllcache\smierrsm.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 15872 c:\windows\system32\dllcache\smierrsm.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 31744 c:\windows\system32\dllcache\smb6w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 31744 c:\windows\system32\dllcache\smb6w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 31744 c:\windows\system32\dllcache\sma3w.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 31744 c:\windows\system32\dllcache\sma3w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 38912 c:\windows\system32\dllcache\sm9aw.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 38912 c:\windows\system32\dllcache\sm9aw.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 26624 c:\windows\system32\dllcache\sm93w.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 26624 c:\windows\system32\dllcache\sm93w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 26624 c:\windows\system32\dllcache\sm92w.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 26624 c:\windows\system32\dllcache\sm92w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 26112 c:\windows\system32\dllcache\sm90w.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 26112 c:\windows\system32\dllcache\sm90w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 26112 c:\windows\system32\dllcache\sm8dw.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 26112 c:\windows\system32\dllcache\sm8dw.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 29184 c:\windows\system32\dllcache\sm8cw.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 29184 c:\windows\system32\dllcache\sm8cw.dll

- 2008-11-13 03:45 . 2002-09-03 17:01 26112 c:\windows\system32\dllcache\sm8aw.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 26112 c:\windows\system32\dllcache\sm8aw.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 26112 c:\windows\system32\dllcache\sm89w.dll

- 2008-11-13 03:45 . 2002-09-03 17:01 26112 c:\windows\system32\dllcache\sm89w.dll

- 2008-11-13 03:45 . 2002-09-03 17:01 30208 c:\windows\system32\dllcache\sm87w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 30208 c:\windows\system32\dllcache\sm87w.dll

- 2008-11-13 03:45 . 2002-09-03 17:01 30208 c:\windows\system32\dllcache\sm81w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 30208 c:\windows\system32\dllcache\sm81w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 25088 c:\windows\system32\dllcache\sm59w.dll

- 2008-11-13 03:45 . 2002-09-03 17:01 25088 c:\windows\system32\dllcache\sm59w.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 18944 c:\windows\system32\dllcache\simptcp.dll

- 2008-11-13 03:45 . 2002-09-03 16:59 18944 c:\windows\system32\dllcache\simptcp.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 16437 c:\windows\system32\dllcache\shtml.exe

+ 2010-06-23 20:14 . 2003-03-24 20:52 16437 c:\windows\system32\dllcache\shtml.exe

+ 2010-06-23 20:14 . 2003-03-24 20:52 20536 c:\windows\system32\dllcache\shtml.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 20536 c:\windows\system32\dllcache\shtml.dll

- 2008-11-13 03:45 . 2002-09-03 16:57 79872 c:\windows\system32\dllcache\rwia330.dll

+ 2010-06-23 20:15 . 2004-08-12 14:04 79872 c:\windows\system32\dllcache\rwia330.dll

- 2008-11-13 03:45 . 2002-09-03 16:57 79872 c:\windows\system32\dllcache\rwia001.dll

+ 2010-06-23 20:15 . 2004-08-12 14:04 79872 c:\windows\system32\dllcache\rwia001.dll

+ 2010-06-23 20:15 . 2008-04-14 09:42 29184 c:\windows\system32\dllcache\rw330ext.dll

- 2008-11-13 03:45 . 2008-04-14 09:42 29184 c:\windows\system32\dllcache\rw330ext.dll

- 2008-11-13 03:45 . 2008-04-14 09:42 27648 c:\windows\system32\dllcache\rw001ext.dll

+ 2010-06-23 20:15 . 2008-04-14 09:42 27648 c:\windows\system32\dllcache\rw001ext.dll

- 2008-11-13 03:45 . 2002-09-03 16:56 14848 c:\windows\system32\dllcache\register.exe

+ 2010-06-23 20:15 . 2004-08-12 14:04 14848 c:\windows\system32\dllcache\register.exe

+ 2010-06-23 20:15 . 2008-04-14 04:11 20736 c:\windows\system32\dllcache\ramdisk.sys

- 2008-11-13 03:45 . 2008-04-14 04:11 20736 c:\windows\system32\dllcache\ramdisk.sys

- 2008-11-13 03:45 . 2002-09-03 16:53 16384 c:\windows\system32\dllcache\quser.exe

+ 2010-06-23 20:15 . 2004-08-12 14:03 16384 c:\windows\system32\dllcache\quser.exe

+ 2008-04-14 09:42 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll

- 2008-11-13 03:45 . 2002-09-03 16:52 11264 c:\windows\system32\dllcache\pmxmcro.dll

+ 2010-06-23 20:15 . 2004-08-12 14:03 11264 c:\windows\system32\dllcache\pmxmcro.dll

- 2008-11-13 03:45 . 2008-04-14 09:40 67584 c:\windows\system32\dllcache\pmigrate.dll

+ 2010-06-23 20:15 . 2008-04-14 09:40 67584 c:\windows\system32\dllcache\pmigrate.dll

- 2008-11-13 03:45 . 2008-04-14 02:13 70144 c:\windows\system32\dllcache\pintlphr.exe

+ 2010-06-23 20:15 . 2008-04-14 02:13 70144 c:\windows\system32\dllcache\pintlphr.exe

+ 2010-06-23 20:15 . 2008-04-14 09:40 53760 c:\windows\system32\dllcache\pintlcsd.dll

- 2008-11-13 03:45 . 2008-04-14 09:40 53760 c:\windows\system32\dllcache\pintlcsd.dll

- 2008-11-13 03:45 . 2008-04-14 09:40 15360 c:\windows\system32\dllcache\padrs804.dll

+ 2010-06-23 20:15 . 2008-04-14 09:40 15360 c:\windows\system32\dllcache\padrs804.dll

- 2008-11-13 03:45 . 2002-09-03 16:25 14336 c:\windows\system32\dllcache\padrs412.dll

+ 2010-06-23 20:15 . 2004-08-12 13:58 14336 c:\windows\system32\dllcache\padrs412.dll

- 2008-11-13 03:45 . 2002-09-03 16:25 36927 c:\windows\system32\dllcache\padrs411.dll

+ 2010-06-23 20:15 . 2004-08-12 13:58 36927 c:\windows\system32\dllcache\padrs411.dll

- 2008-11-13 03:45 . 2008-04-14 09:40 15872 c:\windows\system32\dllcache\padrs404.dll

+ 2010-06-23 20:15 . 2008-04-14 09:40 15872 c:\windows\system32\dllcache\padrs404.dll

+ 2004-08-12 14:02 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

+ 2008-04-14 04:27 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys

+ 2008-04-14 04:27 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys

+ 2008-04-14 09:42 . 2008-08-28 07:46 74752 c:\windows\system32\dllcache\msw3prt.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 27136 c:\windows\system32\dllcache\mspmsnsv.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll

+ 2008-04-14 09:42 . 2008-04-14 09:42 40960 c:\windows\system32\dllcache\msiregmv.exe

- 2008-11-13 03:45 . 2008-04-14 09:42 40960 c:\windows\system32\dllcache\msiregmv.exe

+ 2010-06-23 20:14 . 2004-08-12 13:58 98304 c:\windows\system32\dllcache\msir3jp.dll

- 2008-11-13 03:45 . 2002-09-03 16:25 98304 c:\windows\system32\dllcache\msir3jp.dll

- 2008-04-14 01:56 . 2007-08-13 22:01 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2008-04-14 01:56 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2008-04-14 09:42 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2008-04-14 09:42 . 2007-08-13 22:32 45568 c:\windows\system32\dllcache\mshta.exe

+ 2008-04-14 09:42 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe

+ 2010-11-16 16:13 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-12 13:59 . 2004-08-12 13:59 34304 c:\windows\system32\dllcache\migisol.exe

- 2004-08-12 13:59 . 2002-09-03 16:41 34304 c:\windows\system32\dllcache\migisol.exe

- 2008-11-13 03:45 . 2002-09-03 16:41 92416 c:\windows\system32\dllcache\mga.sys

+ 2010-06-23 20:14 . 2004-08-12 13:59 92416 c:\windows\system32\dllcache\mga.sys

+ 2010-06-23 20:14 . 2004-08-12 13:59 92032 c:\windows\system32\dllcache\mga.dll

- 2008-11-13 03:45 . 2002-09-03 16:41 92032 c:\windows\system32\dllcache\mga.dll

- 2008-11-13 03:45 . 2008-04-14 09:41 18944 c:\windows\system32\dllcache\lprmon.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 18944 c:\windows\system32\dllcache\lprmon.dll

- 2008-11-13 03:45 . 2008-04-14 09:41 22528 c:\windows\system32\dllcache\lpdsvc.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 22528 c:\windows\system32\dllcache\lpdsvc.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 33792 c:\windows\system32\dllcache\lmmib2.dll

- 2008-11-13 03:45 . 2008-04-14 09:41 33792 c:\windows\system32\dllcache\lmmib2.dll

+ 2008-04-14 09:41 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2008-04-14 09:41 . 2009-01-31 01:33 11264 c:\windows\system32\dllcache\laprxy.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 11264 c:\windows\system32\dllcache\laprxy.dll

- 2008-11-13 03:45 . 2002-09-03 16:25 70656 c:\windows\system32\dllcache\korwbrkr.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 70656 c:\windows\system32\dllcache\korwbrkr.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 18432 c:\windows\system32\dllcache\jupiw.dll

- 2008-11-13 03:44 . 2002-09-03 16:37 18432 c:\windows\system32\dllcache\jupiw.dll

+ 2008-04-14 09:41 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2008-11-13 03:42 . 2008-04-14 09:41 81920 c:\windows\system32\dllcache\isign32.dll

+ 2008-11-13 03:42 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 13312 c:\windows\system32\dllcache\irclass.dll

+ 2010-06-23 20:04 . 2004-08-12 13:58 13312 c:\windows\system32\dllcache\irclass.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 35328 c:\windows\system32\dllcache\iprip.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 35328 c:\windows\system32\dllcache\iprip.dll

+ 2008-04-14 09:41 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll

+ 2010-06-23 20:14 . 2008-04-14 02:13 59392 c:\windows\system32\dllcache\imscinst.exe

- 2008-11-13 03:44 . 2002-09-03 16:25 59392 c:\windows\system32\dllcache\imscinst.exe

- 2008-11-13 03:44 . 2002-09-03 16:25 59904 c:\windows\system32\dllcache\imkrinst.exe

+ 2010-06-23 20:14 . 2004-08-12 13:58 59904 c:\windows\system32\dllcache\imkrinst.exe

+ 2010-06-23 20:14 . 2004-08-12 13:58 45109 c:\windows\system32\dllcache\imjpuex.exe

- 2008-11-13 03:44 . 2002-09-03 16:25 45109 c:\windows\system32\dllcache\imjpuex.exe

+ 2010-06-23 20:14 . 2008-04-14 09:39 81976 c:\windows\system32\dllcache\imjpdct.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 81976 c:\windows\system32\dllcache\imjpdct.dll

- 2008-11-13 03:44 . 2002-09-03 16:24 57398 c:\windows\system32\dllcache\imjpdadm.exe

+ 2010-06-23 20:14 . 2004-08-12 13:58 57398 c:\windows\system32\dllcache\imjpdadm.exe

+ 2008-04-14 09:41 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll

- 2008-11-13 03:44 . 2002-09-03 16:24 44032 c:\windows\system32\dllcache\imekrmig.exe

+ 2010-06-23 20:14 . 2004-08-12 13:58 44032 c:\windows\system32\dllcache\imekrmig.exe

+ 2010-06-23 20:14 . 2008-04-14 09:39 86016 c:\windows\system32\dllcache\imekrmbx.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 86016 c:\windows\system32\dllcache\imekrmbx.dll

+ 2008-04-14 09:41 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll

+ 2008-04-14 09:41 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2008-11-13 03:42 . 2008-04-14 09:42 18432 c:\windows\system32\dllcache\iedw.exe

+ 2010-06-23 20:14 . 2008-04-14 09:41 39936 c:\windows\system32\dllcache\hostmib.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 39936 c:\windows\system32\dllcache\hostmib.dll

+ 2008-11-13 03:42 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 36864 c:\windows\system32\dllcache\hanjadic.dll

- 2008-11-13 03:44 . 2002-09-03 16:24 36864 c:\windows\system32\dllcache\hanjadic.dll

- 2008-11-13 03:44 . 2002-09-03 16:33 11264 c:\windows\system32\dllcache\fxssend.exe

+ 2010-06-23 20:14 . 2004-08-12 13:57 11264 c:\windows\system32\dllcache\fxssend.exe

- 2008-11-13 03:44 . 2002-09-03 16:33 31744 c:\windows\system32\dllcache\fxsroute.dll

+ 2010-06-23 20:14 . 2004-08-12 13:57 31744 c:\windows\system32\dllcache\fxsroute.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 23552 c:\windows\system32\dllcache\fxsmon.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 23552 c:\windows\system32\dllcache\fxsmon.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 23552 c:\windows\system32\dllcache\fxsext32.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 23552 c:\windows\system32\dllcache\fxsext32.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 55296 c:\windows\system32\dllcache\fxsevent.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 55296 c:\windows\system32\dllcache\fxsevent.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 26624 c:\windows\system32\dllcache\fxsdrv.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 26624 c:\windows\system32\dllcache\fxsdrv.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 72192 c:\windows\system32\dllcache\fxscom.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 72192 c:\windows\system32\dllcache\fxscom.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 20538 c:\windows\system32\dllcache\fpremadm.exe

- 2008-11-13 03:44 . 2003-03-24 21:52 20538 c:\windows\system32\dllcache\fpremadm.exe

+ 2010-06-23 20:14 . 2003-03-24 20:52 20541 c:\windows\system32\dllcache\fpexedll.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 20541 c:\windows\system32\dllcache\fpexedll.dll

- 2008-11-13 03:44 . 2002-05-14 16:08 94208 c:\windows\system32\dllcache\fpencode.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 94208 c:\windows\system32\dllcache\fpencode.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 20541 c:\windows\system32\dllcache\fpadmdll.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 20541 c:\windows\system32\dllcache\fpadmdll.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 24632 c:\windows\system32\dllcache\fpadmcgi.exe

+ 2010-06-23 20:14 . 2003-03-24 20:52 24632 c:\windows\system32\dllcache\fpadmcgi.exe

+ 2010-06-23 20:14 . 2003-03-24 20:52 14608 c:\windows\system32\dllcache\fp98sadm.exe

- 2008-11-13 03:44 . 2002-05-14 16:08 14608 c:\windows\system32\dllcache\fp98sadm.exe

- 2008-11-13 03:44 . 2003-03-24 21:52 49212 c:\windows\system32\dllcache\fp4awebs.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 49212 c:\windows\system32\dllcache\fp4awebs.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 32826 c:\windows\system32\dllcache\fp4avss.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 32826 c:\windows\system32\dllcache\fp4avss.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 41020 c:\windows\system32\dllcache\fp4avnb.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 41020 c:\windows\system32\dllcache\fp4avnb.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 49210 c:\windows\system32\dllcache\fp4areg.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 49210 c:\windows\system32\dllcache\fp4areg.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 82035 c:\windows\system32\dllcache\fp4anscp.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 82035 c:\windows\system32\dllcache\fp4anscp.dll

+ 2010-06-23 20:14 . 2004-08-12 13:57 14848 c:\windows\system32\dllcache\flattemp.exe

- 2008-11-13 03:44 . 2002-09-03 16:33 14848 c:\windows\system32\dllcache\flattemp.exe

+ 2008-04-14 09:41 . 2008-04-14 09:41 55808 c:\windows\system32\dllcache\extmgr.dll

- 2008-11-13 03:45 . 2001-08-18 02:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll

+ 2010-06-23 20:15 . 2001-08-18 02:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll

+ 2010-06-23 20:15 . 2001-08-18 02:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll

- 2008-11-13 03:45 . 2001-08-18 02:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll

+ 2010-06-23 20:15 . 2001-08-18 02:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll

- 2008-11-13 03:45 . 2001-08-18 02:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll

- 2008-11-13 03:45 . 2001-08-18 02:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe

+ 2010-06-23 20:15 . 2001-08-18 02:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe

- 2008-11-13 03:45 . 2001-08-18 02:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

+ 2010-06-23 20:14 . 2001-08-18 02:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

- 2008-11-13 03:45 . 2001-08-18 02:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll

+ 2010-06-23 20:14 . 2001-08-18 02:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll

+ 2010-06-23 20:14 . 2001-08-18 02:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll

- 2008-11-13 03:44 . 2001-08-18 02:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll

- 2008-11-13 03:44 . 2001-08-18 02:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll

+ 2010-06-23 20:14 . 2001-08-18 02:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll

+ 2010-06-23 20:14 . 2008-04-14 09:42 92160 c:\windows\system32\dllcache\evntwin.exe

- 2008-11-13 03:44 . 2008-04-14 09:42 92160 c:\windows\system32\dllcache\evntwin.exe

- 2008-11-13 03:44 . 2008-04-14 09:42 24064 c:\windows\system32\dllcache\evntcmd.exe

+ 2010-06-23 20:14 . 2008-04-14 09:42 24064 c:\windows\system32\dllcache\evntcmd.exe

- 2008-11-13 03:44 . 2002-09-03 16:32 25856 c:\windows\system32\dllcache\et4000.sys

+ 2010-06-23 20:14 . 2004-08-12 13:57 25856 c:\windows\system32\dllcache\et4000.sys

- 2008-11-13 03:44 . 2002-09-03 16:32 45056 c:\windows\system32\dllcache\esunid.dll

+ 2010-06-23 20:14 . 2004-08-12 13:57 45056 c:\windows\system32\dllcache\esunid.dll

+ 2010-06-23 20:14 . 2004-08-12 13:57 57856 c:\windows\system32\dllcache\esuimgd.dll

- 2008-11-13 03:44 . 2002-09-03 16:32 57856 c:\windows\system32\dllcache\esuimgd.dll

+ 2010-06-23 20:14 . 2004-08-12 13:57 31744 c:\windows\system32\dllcache\esucmd.dll

- 2008-11-13 03:44 . 2002-09-03 16:32 31744 c:\windows\system32\dllcache\esucmd.dll

- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dllcache\dnsrslvr.dll

+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll

+ 2004-08-12 13:56 . 2004-08-12 13:56 85020 c:\windows\system32\dllcache\dgsetup.dll

- 2008-11-12 22:36 . 2004-08-12 13:56 85020 c:\windows\system32\dllcache\dgsetup.dll

+ 2008-04-14 09:41 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll

- 2008-04-14 09:41 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll

- 2008-11-13 03:44 . 2002-09-03 16:29 18944 c:\windows\system32\dllcache\cprofile.exe

+ 2010-06-23 20:14 . 2004-08-12 13:56 18944 c:\windows\system32\dllcache\cprofile.exe

- 2008-11-13 03:44 . 2008-04-14 02:13 57399 c:\windows\system32\dllcache\cplexe.exe

+ 2010-06-23 20:14 . 2008-04-14 02:13 57399 c:\windows\system32\dllcache\cplexe.exe

+ 2008-04-14 09:41 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 56320 c:\windows\system32\dllcache\chtskdic.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 56320 c:\windows\system32\dllcache\chtskdic.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 97792 c:\windows\system32\dllcache\chtmbx.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 97792 c:\windows\system32\dllcache\chtmbx.dll

+ 2010-06-23 20:14 . 2004-08-12 13:56 14336 c:\windows\system32\dllcache\chgusr.exe

- 2008-11-13 03:44 . 2002-09-03 16:28 14336 c:\windows\system32\dllcache\chgusr.exe

- 2008-11-13 03:44 . 2002-09-03 16:28 15872 c:\windows\system32\dllcache\chgport.exe

+ 2010-06-23 20:14 . 2004-08-12 13:56 15872 c:\windows\system32\dllcache\chgport.exe

- 2008-11-13 03:44 . 2002-09-03 16:28 13312 c:\windows\system32\dllcache\chglogon.exe

+ 2010-06-23 20:14 . 2004-08-12 13:56 13312 c:\windows\system32\dllcache\chglogon.exe

+ 2007-04-25 09:20 . 2007-04-25 09:20 62592 c:\windows\system32\dllcache\cdrom.sys

- 2008-11-13 03:44 . 2002-09-03 16:28 54528 c:\windows\system32\dllcache\cap7146.sys

+ 2010-06-23 20:14 . 2004-08-12 13:55 54528 c:\windows\system32\dllcache\cap7146.sys

+ 2010-06-23 20:14 . 2003-03-24 20:52 16439 c:\windows\system32\dllcache\author.exe

- 2008-11-13 03:44 . 2003-03-24 21:52 16439 c:\windows\system32\dllcache\author.exe

+ 2010-06-23 20:14 . 2003-03-24 20:52 20540 c:\windows\system32\dllcache\author.dll

- 2008-11-13 03:44 . 2003-03-24 21:52 20540 c:\windows\system32\dllcache\author.dll

- 2008-11-13 03:44 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0804.dll

+ 2010-06-23 20:14 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0804.dll

+ 2010-06-23 20:14 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0412.dll

- 2008-11-13 03:44 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0412.dll

- 2008-11-13 03:44 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0411.dll

+ 2010-06-23 20:14 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0411.dll

- 2008-11-13 03:44 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0404.dll

+ 2010-06-23 20:14 . 2007-04-03 03:56 19456 c:\windows\system32\dllcache\agt0404.dll

+ 2008-04-14 09:41 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll

+ 2010-06-23 20:14 . 2003-03-24 20:52 16439 c:\windows\system32\dllcache\admin.exe

- 2008-11-13 03:44 . 2003-03-24 21:52 16439 c:\windows\system32\dllcache\admin.exe

- 2008-11-13 03:44 . 2003-03-24 21:52 20540 c:\windows\system32\dllcache\admin.dll

+ 2010-06-23 20:13 . 2003-03-24 20:52 20540 c:\windows\system32\dllcache\admin.dll

- 2008-11-12 22:36 . 2004-08-12 13:56 85020 c:\windows\system32\dgsetup.dll

+ 2004-08-12 13:56 . 2004-08-12 13:56 85020 c:\windows\system32\dgsetup.dll

+ 2008-04-14 09:41 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll

- 2008-04-14 09:41 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll

+ 2008-04-14 09:41 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll

+ 2010-06-23 20:18 . 2010-06-23 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-23 20:18 . 2010-06-23 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010062320100624\index.dat

+ 2008-11-13 03:46 . 2010-06-23 20:18 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-11-13 03:46 . 2010-03-26 19:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-06-23 20:18 . 2010-06-23 20:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-04-14 09:41 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll

+ 2011-05-10 12:15 . 2008-06-17 07:10 69632 c:\windows\system32\34TVCtrl.dll

+ 2004-08-12 14:07 . 2004-08-12 14:07 19200 c:\windows\system\TAPI.DLL

- 2008-11-12 22:36 . 2004-08-12 14:07 19200 c:\windows\system\TAPI.DLL

+ 2004-08-12 14:03 . 2004-08-12 14:03 24064 c:\windows\system\OLESVR.DLL

- 2008-11-12 22:36 . 2004-08-12 14:03 24064 c:\windows\system\OLESVR.DLL

+ 2004-08-12 14:02 . 2004-08-12 14:02 82944 c:\windows\system\OLECLI.DLL

- 2008-11-12 22:36 . 2004-08-12 14:02 82944 c:\windows\system\OLECLI.DLL

- 2008-11-12 22:36 . 2008-04-14 02:24 68768 c:\windows\system\MMSYSTEM.DLL

+ 2008-04-14 02:24 . 2008-04-14 02:24 68768 c:\windows\system\MMSYSTEM.DLL

- 2008-11-12 22:36 . 2004-08-12 13:59 28160 c:\windows\system\MCIWAVE.DRV

+ 2004-08-12 13:59 . 2004-08-12 13:59 28160 c:\windows\system\MCIWAVE.DRV

+ 2004-08-12 13:59 . 2004-08-12 13:59 25264 c:\windows\system\MCISEQ.DRV

- 2008-11-12 22:36 . 2004-08-12 13:59 25264 c:\windows\system\MCISEQ.DRV

- 2008-11-12 22:36 . 2004-08-12 13:59 73376 c:\windows\system\MCIAVI.DRV

+ 2004-08-12 13:59 . 2004-08-12 13:59 73376 c:\windows\system\MCIAVI.DRV

- 2008-11-12 22:36 . 2004-08-12 13:56 32816 c:\windows\system\COMMDLG.DLL

+ 2004-08-12 13:56 . 2004-08-12 13:56 32816 c:\windows\system\COMMDLG.DLL

- 2008-11-12 22:36 . 2008-04-14 09:42 69120 c:\windows\NOTEPAD.EXE

+ 2008-04-14 09:42 . 2008-04-14 09:42 69120 c:\windows\notepad.exe

+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

- 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2010-09-22 13:43 . 2010-09-22 13:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2010-06-23 20:11 . 2007-10-30 19:36 13801 c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs

+ 2010-06-23 20:11 . 2007-12-12 20:03 18917 c:\windows\Installer\TSClientMsiTrans\tscinst.vbs

+ 2011-04-07 02:33 . 2011-04-07 02:33 10134 c:\windows\Installer\{CFADE4AF-C0CF-4A04-A776-741318F1658F}\ARPPRODUCTICON.exe

+ 2011-07-09 16:00 . 2011-07-09 16:00 27136 c:\windows\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe

- 2009-03-24 14:25 . 2010-06-10 07:09 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-03-24 14:25 . 2011-12-18 19:01 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-03-24 14:25 . 2011-12-18 19:00 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2009-03-24 14:25 . 2010-06-10 07:09 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2009-03-24 14:25 . 2010-06-10 07:09 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2009-03-24 14:25 . 2011-12-18 19:01 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2009-03-24 14:25 . 2010-06-10 07:09 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-03-24 14:25 . 2011-12-18 19:01 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-03-24 14:25 . 2011-12-18 19:01 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2009-03-24 14:25 . 2010-06-10 07:09 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2009-03-24 14:25 . 2011-12-18 19:01 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2009-03-24 14:25 . 2010-06-10 07:09 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2011-12-18 19:04 . 2011-12-18 19:04 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2010-06-04 07:00 . 2011-10-14 07:07 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-06-04 07:00 . 2010-06-04 07:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-04-07 02:32 . 2011-04-07 02:32 86016 c:\windows\Installer\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}\NewShortcut2_14F023817E774962BA726289F216A4C8.exe

+ 2011-04-07 02:32 . 2011-04-07 02:32 86016 c:\windows\Installer\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}\NewShortcut1_14F023817E774962BA726289F216A4C8.exe

+ 2011-04-07 02:32 . 2011-04-07 02:32 86016 c:\windows\Installer\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}\ARPPRODUCTICON.exe

+ 2011-07-16 14:06 . 2011-07-16 14:06 14534 c:\windows\Installer\{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}\SystemFolder_msiexec.exe

+ 2011-01-18 14:41 . 2011-04-12 01:12 46480 c:\windows\Installer\{10964A8F-21C1-45EA-BC2D-F84B505C3848}\NewShortcut21_75FE263BDAF54CF0B5FDBEE4B584F773.exe

+ 2010-10-11 15:19 . 2010-10-11 15:19 68968 c:\windows\Installer\$PatchCache$\Managed\F8A469011C12AE54CBD28FB405C58384\10.4.3001\formrendermgmt.dll

+ 2010-10-11 15:19 . 2010-10-11 15:19 23912 c:\windows\Installer\$PatchCache$\Managed\F8A469011C12AE54CBD28FB405C58384\10.4.3001\exceptions.dll

+ 2010-09-23 08:47 . 2010-09-23 08:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe

+ 2010-09-23 07:03 . 2010-09-23 07:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe

+ 2010-09-23 06:52 . 2010-09-23 06:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe

+ 2010-09-22 22:12 . 2010-09-22 22:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe

+ 2011-02-18 03:46 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll

+ 2011-02-18 03:46 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll

+ 2011-02-18 03:46 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll

+ 2011-02-18 03:46 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll

+ 2011-02-18 03:46 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll

+ 2011-02-18 03:52 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB981332-IE8\spmsg.dll

+ 2011-02-18 03:52 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB981332-IE8\spcustom.dll

+ 2011-02-18 03:52 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB976662-IE8\spmsg.dll

+ 2011-02-18 03:52 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB976662-IE8\spcustom.dll

+ 2011-02-18 03:52 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll

+ 2011-02-18 03:52 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll

+ 2011-12-18 19:04 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll

+ 2011-12-18 19:04 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll

+ 2011-12-18 19:04 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll

+ 2011-12-18 19:04 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll

+ 2011-12-18 19:04 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll

+ 2011-10-14 07:01 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll

+ 2011-10-14 07:01 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll

+ 2011-10-14 07:01 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll

+ 2011-10-14 07:01 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll

+ 2011-10-14 07:01 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll

+ 2011-08-10 10:09 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll

+ 2011-08-10 10:09 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll

+ 2011-08-10 10:09 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll

+ 2011-08-10 10:09 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll

+ 2011-08-10 10:09 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll

+ 2011-06-16 07:01 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll

+ 2011-06-16 07:01 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll

+ 2011-06-16 07:01 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll

+ 2011-06-16 07:01 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll

+ 2011-06-16 07:01 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll

+ 2011-04-14 07:06 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll

+ 2011-04-14 07:06 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll

+ 2011-04-14 07:06 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll

+ 2011-04-14 07:06 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll

+ 2011-04-14 07:06 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll

+ 2011-02-18 03:47 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll

+ 2011-02-18 03:47 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll

+ 2011-02-18 03:47 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll

+ 2011-02-18 03:47 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll

+ 2011-02-18 03:47 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

+ 2011-02-18 03:43 . 2008-04-14 09:42 37888 c:\windows\ie8\url.dll

+ 2011-02-18 03:45 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll

+ 2011-02-18 03:43 . 2008-04-14 09:42 39424 c:\windows\ie8\pngfilt.dll

+ 2011-02-18 03:43 . 2008-04-14 09:42 96256 c:\windows\ie8\occache.dll

+ 2011-02-18 03:43 . 2008-04-14 01:56 56832 c:\windows\ie8\mshtmler.dll

+ 2011-02-18 03:43 . 2008-04-14 09:42 29184 c:\windows\ie8\mshta.exe

+ 2011-02-18 03:43 . 2007-08-13 22:36 12288 c:\windows\ie8\msfeedssync.exe

+ 2011-02-18 03:43 . 2010-05-04 17:20 52224 c:\windows\ie8\msfeedsbs.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 22016 c:\windows\ie8\licmgr10.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 15872 c:\windows\ie8\jsproxy.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 96256 c:\windows\ie8\inseng.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 35840 c:\windows\ie8\imgutil.dll

+ 2011-02-18 03:43 . 2008-04-14 09:42 93184 c:\windows\ie8\iexplore.exe

+ 2011-02-18 03:43 . 2008-04-14 09:41 62976 c:\windows\ie8\iesetup.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 48640 c:\windows\ie8\iernonce.dll

+ 2011-02-18 03:43 . 2010-12-20 22:15 81920 c:\windows\ie8\ieencode.dll

+ 2011-02-18 03:43 . 2008-04-14 09:42 34304 c:\windows\ie8\ie4uinit.exe

+ 2011-02-18 03:43 . 2010-05-04 17:20 63488 c:\windows\ie8\icardie.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 38912 c:\windows\ie8\hmmapi.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 35328 c:\windows\ie8\corpol.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 99840 c:\windows\ie8\advpack.dll

+ 2011-02-18 03:43 . 2008-04-14 09:41 61440 c:\windows\ie8\admparse.dll

+ 2011-10-14 07:08 . 2011-10-14 07:08 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll

+ 2011-06-22 07:05 . 2011-06-22 07:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll

+ 2011-10-14 07:11 . 2011-10-14 07:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll

+ 2011-08-10 17:57 . 2011-08-10 17:57 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll

+ 2011-10-14 07:11 . 2011-10-14 07:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll

+ 2011-08-10 17:57 . 2011-08-10 17:57 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll

+ 2011-08-10 17:56 . 2011-08-10 17:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll

+ 2011-10-14 07:06 . 2011-10-14 07:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe

+ 2011-08-10 10:16 . 2011-08-10 10:16 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe

+ 2011-10-14 07:07 . 2011-10-14 07:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll

+ 2011-08-10 10:16 . 2011-08-10 10:16 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll

+ 2011-08-10 17:57 . 2011-08-10 17:57 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll

+ 2011-10-14 07:11 . 2011-10-14 07:11 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a8844048139471f4c7914a41f36a7e81\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9804c5ec5e7a8945d4da1c7e3caf40c7\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0fe4eb7e116bacc97d476713af23f42e\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\01eba2bdd4d6baa3102dc8610e8cec92\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll

+ 2011-10-14 07:10 . 2011-10-14 07:10 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll

+ 2011-06-22 07:07 . 2011-06-22 07:07 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe

+ 2011-10-14 07:09 . 2011-10-14 07:09 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe

+ 2011-06-22 07:07 . 2011-06-22 07:07 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll

+ 2011-10-14 07:09 . 2011-10-14 07:09 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-10-14 07:06 . 2011-10-14 07:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-12-15 03:17 . 2010-12-15 03:17 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll

+ 2010-12-15 03:17 . 2010-12-15 03:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll

+ 2010-12-15 03:17 . 2010-12-15 03:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll

+ 2010-12-15 03:17 . 2010-12-15 03:17 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-14 07:06 . 2011-10-14 07:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-05-22 16:50 . 2011-05-22 16:50 53248 c:\windows\_ISTMP1.DIR\ZDataI51.dll

+ 2011-05-22 16:50 . 2011-05-22 16:50 46592 c:\windows\_ISTMP1.DIR\_WUTL951.DLL

- 2008-11-17 01:10 . 2008-04-14 09:42 73728 c:\windows\$NtUninstallwmp11$\wmplayer.exe

+ 2011-04-08 00:41 . 2008-04-14 09:42 73728 c:\windows\$NtUninstallwmp11$\wmplayer.exe

+ 2011-04-08 00:41 . 2008-04-14 09:42 98304 c:\windows\$NtUninstallwmp11$\wmpband.dll

- 2008-11-17 01:10 . 2008-04-14 09:42 98304 c:\windows\$NtUninstallwmp11$\wmpband.dll

+ 2010-08-11 07:00 . 2008-04-14 09:41 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll

+ 2010-06-24 00:27 . 2008-04-14 09:41 81920 c:\windows\$NtUninstallKB982381$\ieencode.dll

+ 2010-06-24 00:29 . 2008-04-14 09:42 60416 c:\windows\$NtUninstallKB981793$\tzchange.exe

- 2010-05-26 02:35 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll

+ 2010-06-24 00:29 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB981349$\spmsg.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB981349$\spcustom.dll

+ 2010-06-24 00:35 . 2009-05-26 09:01 17272 c:\windows\$NtUninstallKB980232$\spmsg.dll

+ 2010-06-24 00:35 . 2009-05-26 09:01 26488 c:\windows\$NtUninstallKB980232$\spcustom.dll

+ 2010-06-24 00:36 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB980218$\spmsg.dll

+ 2010-06-24 00:36 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB980218$\spcustom.dll

+ 2010-06-24 00:35 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB979683$\spmsg.dll

+ 2010-06-24 00:35 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB979683$\spcustom.dll

+ 2010-06-24 00:29 . 2009-05-26 09:01 17272 c:\windows\$NtUninstallKB979559$\spmsg.dll

+ 2010-06-24 00:29 . 2009-05-26 09:01 26488 c:\windows\$NtUninstallKB979559$\spcustom.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB979482$\spmsg.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB979482$\spcustom.dll

- 2010-06-10 07:05 . 2008-04-14 09:41 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll

+ 2010-06-24 00:28 . 2008-04-14 09:41 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll

+ 2010-06-24 00:28 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB979309$\spmsg.dll

+ 2010-06-24 00:28 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB979309$\spcustom.dll

- 2010-04-14 07:00 . 2008-04-14 09:41 84480 c:\windows\$NtUninstallKB979309$\cabview.dll

+ 2010-06-24 00:28 . 2008-04-14 09:41 84480 c:\windows\$NtUninstallKB979309$\cabview.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB978706$\spmsg.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB978706$\spcustom.dll

+ 2010-06-24 00:29 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB978601$\spmsg.dll

+ 2010-06-24 00:29 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB978601$\spcustom.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB978542$\spmsg.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB978542$\spcustom.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB978338$\spmsg.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB978338$\spcustom.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB978037$\spmsg.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB978037$\spcustom.dll

+ 2010-06-24 00:34 . 2008-04-14 09:41 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll

- 2010-03-07 04:54 . 2008-04-14 09:41 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB977914$\spmsg.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB977914$\spcustom.dll

+ 2010-06-24 00:28 . 2004-08-12 14:01 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll

- 2010-03-07 04:54 . 2004-08-12 14:01 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll

- 2010-03-07 04:54 . 2008-04-14 09:42 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll

+ 2010-06-24 00:28 . 2008-04-14 09:42 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll

- 2010-03-07 04:54 . 2008-04-14 10:41 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll

+ 2010-06-24 00:28 . 2008-04-14 09:51 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll

- 2010-03-07 04:54 . 2009-06-10 14:13 84992 c:\windows\$NtUninstallKB977914$\avifil32.dll

+ 2010-06-24 00:28 . 2008-04-14 09:41 84992 c:\windows\$NtUninstallKB977914$\avifil32.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB977816$\spmsg.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB977816$\spcustom.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB975713$\spmsg.dll

+ 2010-06-24 00:34 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB975713$\spcustom.dll

+ 2010-06-24 00:28 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB975562$\spmsg.dll

+ 2010-06-24 00:28 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB975562$\spcustom.dll

+ 2010-06-24 00:30 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB975561$\spmsg.dll

+ 2010-06-24 00:30 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB975561$\spcustom.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB975560$\spmsg.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB975560$\spcustom.dll

- 2010-03-07 04:54 . 2008-04-14 10:42 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll

+ 2010-06-24 00:29 . 2008-04-14 09:51 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll

+ 2010-06-24 00:27 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB975467$\spmsg.dll

+ 2010-06-24 00:27 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB975467$\spcustom.dll

+ 2010-06-24 00:30 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB975025$\spmsg.dll

+ 2010-06-24 00:30 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB975025$\spcustom.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB974571$\spmsg.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB974571$\spcustom.dll

- 2009-10-14 07:01 . 2008-04-14 09:42 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll

+ 2010-06-24 00:29 . 2008-04-14 09:42 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB974392$\spmsg.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB974392$\spcustom.dll

+ 2010-06-24 00:35 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB974318$\spmsg.dll

+ 2010-06-24 00:35 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB974318$\spcustom.dll

+ 2010-06-24 00:35 . 2008-04-14 09:42 79872 c:\windows\$NtUninstallKB974318$\raschap.dll

- 2009-12-09 08:03 . 2008-04-14 09:42 79872 c:\windows\$NtUninstallKB974318$\raschap.dll

+ 2010-06-24 00:33 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB974112$\spmsg.dll

+ 2010-06-24 00:33 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB974112$\spcustom.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB973904$\spmsg.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB973904$\spcustom.dll

+ 2010-06-24 00:30 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB973869$\spmsg.dll

+ 2010-06-24 00:30 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB973869$\spcustom.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB973815$\spmsg.dll

+ 2010-06-24 00:28 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB973815$\spcustom.dll

+ 2010-06-24 00:29 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB973687$\spmsg.dll

+ 2010-06-24 00:29 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB973687$\spcustom.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB973507$\spmsg.dll

+ 2010-06-24 00:29 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB973507$\spcustom.dll

+ 2010-06-24 00:29 . 2008-04-14 09:41 58880 c:\windows\$NtUninstallKB973507$\atl.dll

- 2009-08-12 07:01 . 2008-04-14 09:41 58880 c:\windows\$NtUninstallKB973507$\atl.dll

+ 2010-06-24 00:33 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB972270$\spmsg.dll

+ 2010-06-24 00:33 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB972270$\spcustom.dll

+ 2010-06-24 00:33 . 2008-04-14 09:41 80896 c:\windows\$NtUninstallKB972270$\fontsub.dll

+ 2010-06-24 00:27 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB971961$\spmsg.dll

+ 2010-06-24 00:27 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB971961$\spcustom.dll

+ 2010-06-24 07:00 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB971737$\spmsg.dll

+ 2010-06-24 07:00 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB971737$\spcustom.dll

+ 2010-06-24 00:34 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB971657$\spmsg.dll

+ 2010-06-24 00:34 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB971657$\spcustom.dll

+ 2010-06-24 00:35 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB971468$\spmsg.dll

+ 2010-06-24 00:35 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB971468$\spcustom.dll

- 2009-12-09 08:03 . 2008-04-14 09:42 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll

+ 2010-06-24 07:00 . 2008-04-14 09:42 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll

+ 2010-06-24 07:00 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB970430$\spmsg.dll

+ 2010-06-24 07:00 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB970430$\spcustom.dll

+ 2010-06-24 07:00 . 2008-04-14 09:41 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll

- 2009-12-09 08:03 . 2008-04-14 09:41 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB970238$\spmsg.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB970238$\spcustom.dll

+ 2010-06-24 00:35 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB969059$\spmsg.dll

+ 2010-06-24 00:35 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB969059$\spcustom.dll

- 2009-09-28 07:00 . 2008-04-14 09:42 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll

+ 2010-06-24 00:27 . 2008-04-14 09:42 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll

+ 2010-06-24 00:27 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB968389$\spmsg.dll

+ 2010-06-24 00:27 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB968389$\spcustom.dll

+ 2010-06-24 00:27 . 2008-04-14 09:42 56320 c:\windows\$NtUninstallKB968389$\secur32.dll

+ 2010-06-24 00:27 . 2008-04-14 04:01 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys

- 2009-09-28 07:00 . 2008-04-14 04:01 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys

+ 2010-06-24 00:29 . 2008-07-09 07:38 17272 c:\windows\$NtUninstallKB967715$\spmsg.dll

+ 2010-06-24 00:29 . 2008-07-09 07:38 26488 c:\windows\$NtUninstallKB967715$\spcustom.dll

+ 2010-06-24 00:33 . 2008-07-09 07:38 17272 c:\windows\$NtUninstallKB961501$\spmsg.dll

+ 2010-06-24 00:33 . 2008-07-09 07:38 26488 c:\windows\$NtUninstallKB961501$\spcustom.dll

- 2009-08-12 07:02 . 2008-04-14 09:42 75776 c:\windows\$NtUninstallKB960859$\telnet.exe

+ 2010-06-24 00:35 . 2008-04-14 09:42 75776 c:\windows\$NtUninstallKB960859$\telnet.exe

+ 2010-06-24 00:35 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB960859$\spmsg.dll

+ 2010-06-24 00:35 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB960859$\spcustom.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB960803$\spmsg.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB960803$\spcustom.dll

+ 2010-06-24 00:34 . 2007-11-30 11:18 17272 c:\windows\$NtUninstallKB960225$\spmsg.dll

+ 2010-06-24 00:34 . 2007-11-30 11:18 26488 c:\windows\$NtUninstallKB960225$\spcustom.dll

+ 2010-06-24 00:36 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB959426$\spmsg.dll

+ 2010-06-24 00:36 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB959426$\spcustom.dll

+ 2010-06-24 00:28 . 2007-11-30 11:18 17272 c:\windows\$NtUninstallKB958644$\spmsg.dll

+ 2010-06-24 00:28 . 2007-11-30 11:18 26488 c:\windows\$NtUninstallKB958644$\spcustom.dll

+ 2010-06-24 00:33 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB956844$\spmsg.dll

+ 2010-06-24 00:33 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB956844$\spcustom.dll

+ 2010-06-24 00:35 . 2007-11-30 11:18 17272 c:\windows\$NtUninstallKB956803$\spmsg.dll

+ 2010-06-24 00:35 . 2007-11-30 11:18 26488 c:\windows\$NtUninstallKB956803$\spcustom.dll

+ 2010-06-24 00:27 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB956802$\spmsg.dll

+ 2010-06-24 00:27 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB956802$\spcustom.dll

+ 2010-06-24 00:33 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB956744$\spmsg.dll

+ 2010-06-24 00:33 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB956744$\spcustom.dll

+ 2010-06-24 00:33 . 2008-07-09 07:38 17272 c:\windows\$NtUninstallKB956572$\spmsg.dll

+ 2010-06-24 00:33 . 2008-07-09 07:38 26488 c:\windows\$NtUninstallKB956572$\spcustom.dll

- 2009-04-15 07:02 . 2004-08-12 14:04 31232 c:\windows\$NtUninstallKB956572$\sc.exe

+ 2010-06-24 00:33 . 2004-08-12 14:04 31232 c:\windows\$NtUninstallKB956572$\sc.exe

+ 2010-06-24 00:35 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB955759$\spmsg.dll

+ 2010-06-24 00:35 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB955759$\spcustom.dll

+ 2010-06-24 00:27 . 2007-11-30 11:18 17272 c:\windows\$NtUninstallKB955069$\spmsg.dll

+ 2010-06-24 00:27 . 2007-11-30 11:18 26488 c:\windows\$NtUninstallKB955069$\spcustom.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB954459$\spmsg.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB954459$\spcustom.dll

+ 2010-06-24 00:29 . 2008-04-14 09:42 72704 c:\windows\$NtUninstallKB953155$\msw3prt.dll

+ 2010-06-24 00:36 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB952954$\spmsg.dll

+ 2010-06-24 00:36 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB952954$\spcustom.dll

+ 2010-06-24 00:36 . 2008-04-14 09:42 73728 c:\windows\$NtUninstallKB952954$\mscms.dll

- 2008-11-14 20:05 . 2008-04-14 09:42 73728 c:\windows\$NtUninstallKB952954$\mscms.dll

+ 2010-06-24 00:29 . 2007-11-30 11:18 17272 c:\windows\$NtUninstallKB952287$\spmsg.dll

+ 2010-06-24 00:29 . 2007-11-30 11:18 26488 c:\windows\$NtUninstallKB952287$\spcustom.dll

+ 2010-06-24 00:30 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB952004$\spmsg.dll

+ 2010-06-24 00:30 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB952004$\spcustom.dll

- 2009-04-15 07:02 . 2008-04-14 09:42 91648 c:\windows\$NtUninstallKB952004$\mtxoci.dll

+ 2010-06-24 00:30 . 2008-04-14 09:42 91648 c:\windows\$NtUninstallKB952004$\mtxoci.dll

- 2009-04-15 07:02 . 2008-04-14 09:42 66560 c:\windows\$NtUninstallKB952004$\mtxclu.dll

+ 2010-06-24 00:30 . 2008-04-14 09:42 66560 c:\windows\$NtUninstallKB952004$\mtxclu.dll

- 2009-04-15 07:02 . 2008-04-14 09:42 58880 c:\windows\$NtUninstallKB952004$\msdtclog.dll

+ 2010-06-24 00:30 . 2008-04-14 09:42 58880 c:\windows\$NtUninstallKB952004$\msdtclog.dll

- 2008-11-14 20:05 . 2008-04-14 09:42 90112 c:\windows\$NtUninstallKB951978$\wshext.dll

+ 2010-06-24 00:35 . 2008-04-14 09:42 90112 c:\windows\$NtUninstallKB951978$\wshext.dll

+ 2010-06-24 00:35 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB951978$\spmsg.dll

+ 2010-06-24 00:35 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB951978$\spcustom.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB951748$\spmsg.dll

+ 2010-06-24 00:28 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB951748$\spcustom.dll

+ 2010-06-24 00:36 . 2007-11-30 11:18 17272 c:\windows\$NtUninstallKB951376-v2$\spmsg.dll

+ 2010-06-24 00:36 . 2007-11-30 11:18 26488 c:\windows\$NtUninstallKB951376-v2$\spcustom.dll

+ 2010-06-24 00:34 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB950974$\spmsg.dll

+ 2010-06-24 00:34 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB950974$\spcustom.dll

+ 2010-06-24 00:29 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB950762$\spmsg.dll

+ 2010-06-24 00:29 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB950762$\spcustom.dll

+ 2010-06-24 00:35 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB946648$\spmsg.dll

+ 2010-06-24 00:35 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB946648$\spcustom.dll

- 2008-11-14 20:05 . 2008-04-14 10:42 82944 c:\windows\$NtUninstallKB946648$\msgsc.dll

+ 2010-06-24 00:35 . 2008-04-14 09:42 82944 c:\windows\$NtUninstallKB946648$\msgsc.dll

+ 2010-12-15 03:16 . 2007-10-22 07:08 20480 c:\windows\$NtUninstallKB926139-v2$\PSCustomSetupUtil.exe

+ 2010-06-24 00:27 . 2008-07-09 07:38 17272 c:\windows\$NtUninstallKB923561$\spmsg.dll

+ 2010-06-24 00:27 . 2008-07-09 07:38 26488 c:\windows\$NtUninstallKB923561$\spcustom.dll

+ 2011-12-18 18:59 . 2011-07-08 13:49 46080 c:\windows\$NtUninstallKB2633952$\tzchange.exe

+ 2011-12-18 18:59 . 2011-11-08 14:58 16896 c:\windows\$NtUninstallKB2633952$\spuninst\tzchange.dll

+ 2011-12-18 18:59 . 2011-04-26 11:07 33280 c:\windows\$NtUninstallKB2620712$\csrsrv.dll

+ 2011-08-25 07:00 . 2010-11-03 13:12 46080 c:\windows\$NtUninstallKB2570791$\tzchange.exe

+ 2011-08-25 07:00 . 2011-07-09 00:32 16896 c:\windows\$NtUninstallKB2570791$\spuninst\tzchange.dll

+ 2011-08-10 10:09 . 2008-04-14 04:27 10112 c:\windows\$NtUninstallKB2566454$\ndistapi.sys

+ 2011-10-14 07:06 . 2004-08-12 14:02 16896 c:\windows\$NtUninstallKB2564958$\oleaccrc.dll

+ 2011-04-18 07:00 . 2008-04-14 09:41 45568 c:\windows\$NtUninstallKB2509553$\dnsrslvr.dll

+ 2011-07-14 01:46 . 2010-12-09 14:30 33280 c:\windows\$NtUninstallKB2507938$\csrsrv.dll

+ 2011-02-11 04:00 . 2010-11-05 05:05 81920 c:\windows\$NtUninstallKB2482017$\ieencode.dll

+ 2011-02-11 04:01 . 2009-12-14 07:08 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll

+ 2010-12-16 21:22 . 2010-06-21 14:46 46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe

+ 2010-12-16 21:22 . 2010-11-05 05:57 16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll

+ 2010-12-16 21:22 . 2008-04-14 09:41 81920 c:\windows\$NtUninstallKB2443105$\isign32.dll

+ 2010-12-16 21:22 . 2008-04-14 04:27 40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys

+ 2010-12-16 21:20 . 2008-04-14 09:42 46080 c:\windows\$NtUninstallKB2423089$\wab.exe

+ 2010-12-16 21:22 . 2010-09-09 14:16 81920 c:\windows\$NtUninstallKB2416400$\ieencode.dll

+ 2010-10-14 07:02 . 2010-06-24 12:10 81920 c:\windows\$NtUninstallKB2360131$\ieencode.dll

+ 2010-09-15 07:02 . 2008-04-14 09:42 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe

+ 2010-10-14 07:03 . 2008-04-14 09:42 96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll

+ 2010-08-11 07:04 . 2010-04-16 16:09 81920 c:\windows\$NtUninstallKB2183461$\ieencode.dll

+ 2010-09-29 02:13 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe

+ 2010-09-29 02:13 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll

+ 2010-09-15 07:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982802\update\spcustom.dll

+ 2010-09-15 07:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982802\spmsg.dll

+ 2010-08-11 07:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll

+ 2010-08-11 07:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll

+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll

+ 2010-06-24 00:27 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982381\update\spcustom.dll

+ 2010-06-24 00:27 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982381\spmsg.dll

+ 2010-04-16 16:00 . 2010-04-16 16:00 81920 c:\windows\$hf_mig$\KB982381\SP3QFE\ieencode.dll

+ 2010-11-16 16:18 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll

+ 2010-11-16 16:18 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll

+ 2010-11-16 16:13 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll

+ 2010-11-16 16:13 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll

+ 2010-11-16 16:13 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll

+ 2010-08-11 07:04 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll

+ 2010-08-11 07:04 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll

+ 2010-10-14 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll

+ 2010-10-14 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982132\spmsg.dll

+ 2010-08-11 07:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll

+ 2010-08-11 07:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll

+ 2010-10-14 07:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981957\update\spcustom.dll

+ 2010-10-14 07:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981957\spmsg.dll

+ 2010-08-11 07:04 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll

+ 2010-08-11 03:32 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll

+ 2010-08-11 07:04 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll

+ 2010-11-17 08:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll

+ 2010-11-17 08:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll

+ 2010-09-15 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll

+ 2010-09-15 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll

+ 2010-08-11 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll

+ 2010-08-11 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll

+ 2010-10-14 07:02 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll

+ 2010-10-14 07:02 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979687\spmsg.dll

+ 2010-11-17 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll

+ 2010-11-17 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll

+ 2010-11-17 08:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll

+ 2010-11-17 08:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll

+ 2011-03-07 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll

+ 2011-03-07 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll

+ 2010-06-24 00:29 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB953155\update\spcustom.dll

+ 2010-06-24 00:29 . 2007-11-30 11:18 17272 c:\windows\$hf_mig$\KB953155\spmsg.dll

+ 2008-08-28 07:30 . 2008-08-28 07:30 74752 c:\windows\$hf_mig$\KB953155\SP3QFE\msw3prt.dll

+ 2011-11-11 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll

+ 2011-11-11 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll

+ 2011-12-18 19:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2639417\update\spcustom.dll

+ 2011-12-18 19:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2639417\spmsg.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll

+ 2011-12-18 18:43 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2633171\spmsg.dll

+ 2011-12-18 19:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2624667\update\spcustom.dll

+ 2011-12-18 19:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2624667\spmsg.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2620712\update\spcustom.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2620712\spmsg.dll

+ 2011-10-28 05:31 . 2011-10-28 05:31 33280 c:\windows\$hf_mig$\KB2620712\SP3QFE\csrsrv.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2619339\update\spcustom.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2619339\spmsg.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618451\update\spcustom.dll

+ 2011-12-18 18:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618451\spmsg.dll

+ 2011-12-18 19:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618444-IE8\update\spcustom.dll

+ 2011-12-18 19:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618444-IE8\spmsg.dll

+ 2011-12-18 18:43 . 2011-11-04 19:19 12800 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\xpshims.dll

+ 2011-12-18 18:43 . 2011-11-04 19:19 66560 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtmled.dll

+ 2011-12-18 18:43 . 2011-11-04 19:19 55296 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeedsbs.dll

+ 2011-12-18 18:43 . 2011-11-04 19:19 43520 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\licmgr10.dll

+ 2011-12-18 18:43 . 2011-11-04 19:19 25600 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\jsproxy.dll

+ 2011-09-15 07:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2616676\update\spcustom.dll

+ 2011-09-15 07:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2616676\spmsg.dll

+ 2011-09-07 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2607712\update\spcustom.dll

+ 2011-09-07 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2607712\spmsg.dll

+ 2011-10-14 07:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll

+ 2011-10-14 07:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll

+ 2011-10-14 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll

+ 2011-10-14 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll

+ 2011-10-13 22:03 . 2011-08-22 23:47 12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll

+ 2011-10-13 22:03 . 2011-08-22 23:47 66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll

+ 2011-10-13 22:03 . 2011-08-22 23:47 55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll

+ 2011-10-13 22:03 . 2011-08-22 23:47 43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll

+ 2011-10-13 22:03 . 2011-08-22 23:47 25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll

+ 2011-09-15 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570947\update\spcustom.dll

+ 2011-09-15 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570947\spmsg.dll

+ 2011-08-10 10:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll

+ 2011-08-10 10:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll

+ 2011-08-18 00:52 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll

+ 2011-08-18 00:51 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll

+ 2011-10-15 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll

+ 2011-10-15 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll

+ 2011-08-10 10:09 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll

+ 2011-08-10 10:09 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll

+ 2011-08-10 08:26 . 2011-07-08 13:51 10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys

+ 2011-08-10 10:09 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll

+ 2011-08-10 10:09 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll

+ 2011-08-10 10:10 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll

+ 2011-08-10 10:10 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll

+ 2011-08-10 08:26 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll

+ 2011-08-10 08:26 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll

+ 2011-08-10 08:26 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll

+ 2011-08-10 08:26 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll

+ 2011-08-10 08:26 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll

+ 2011-07-14 01:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll

+ 2011-07-14 01:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893\update\spcustom.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893\spmsg.dll

+ 2011-11-11 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll

+ 2011-11-11 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544521-IE8\update\spcustom.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544521-IE8\spmsg.dll

+ 2011-07-09 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2541763\update\spcustom.dll

+ 2011-07-09 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2541763\spmsg.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276\update\spcustom.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276\spmsg.dll

+ 2011-08-10 10:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll

+ 2011-08-10 10:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll

+ 2011-06-16 07:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2535512\update\spcustom.dll

+ 2011-06-16 07:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2535512\spmsg.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2530548-IE8\update\spcustom.dll

+ 2011-06-16 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2530548-IE8\spmsg.dll

+ 2011-06-16 02:50 . 2011-04-25 16:09 12800 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\xpshims.dll

+ 2011-06-16 02:50 . 2011-04-25 16:09 66560 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtmled.dll

+ 2011-06-16 02:50 . 2011-04-25 16:09 55296 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeedsbs.dll

+ 2011-06-16 02:50 . 2011-04-25 16:09 43520 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\licmgr10.dll

+ 2011-06-16 02:50 . 2011-04-25 16:09 25600 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\jsproxy.dll

+ 2011-03-24 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll

+ 2011-03-24 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll

+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2511455\update\spcustom.dll

+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2511455\spmsg.dll

+ 2011-04-14 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2510531-IE8\update\spcustom.dll

+ 2011-04-14 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2510531-IE8\spmsg.dll

+ 2011-04-18 07:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2509553\update\spcustom.dll

+ 2011-04-18 07:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2509553\spmsg.dll

+ 2009-04-20 17:06 . 2009-04-20 17:06 45568 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2508429\update\spcustom.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2508429\spmsg.dll

+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2508272\update\spcustom.dll

+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2508272\spmsg.dll

+ 2011-07-14 01:46 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll

+ 2011-07-14 01:46 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll

+ 2011-04-26 11:02 . 2011-04-26 11:02 33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507618\update\spcustom.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507618\spmsg.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2506223\update\spcustom.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2506223\spmsg.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2506212\update\spcustom.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2506212\spmsg.dll

+ 2011-06-16 07:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503665\update\spcustom.dll

+ 2011-06-16 07:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503665\spmsg.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503658\update\spcustom.dll

+ 2011-04-18 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503658\spmsg.dll

+ 2011-04-14 07:06 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2497640-IE8\update\spcustom.dll

+ 2011-04-14 07:06 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2497640-IE8\spmsg.dll

+ 2011-04-13 11:06 . 2011-02-22 23:27 12800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\xpshims.dll

+ 2011-04-13 11:06 . 2011-02-22 23:27 66560 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtmled.dll

+ 2011-04-13 11:06 . 2011-02-22 23:27 55296 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeedsbs.dll

+ 2011-04-13 11:06 . 2011-02-22 23:27 43520 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\licmgr10.dll

+ 2011-04-13 11:06 . 2011-02-22 23:27 25600 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\jsproxy.dll

+ 2011-04-14 07:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485663\update\spcustom.dll

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

+ 2011-04-14 07:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485663\spmsg.dll

+ 2011-02-11 04:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll

+ 2011-02-11 04:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll

+ 2011-02-11 04:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll

+ 2011-02-11 04:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll

+ 2011-02-11 04:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017\update\spcustom.dll

+ 2011-02-11 04:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017\spmsg.dll

+ 2010-12-20 22:13 . 2010-12-20 22:13 81920 c:\windows\$hf_mig$\KB2482017\SP3QFE\ieencode.dll

+ 2011-02-18 03:47 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll

+ 2011-02-18 03:47 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll

+ 2011-02-18 03:42 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll

+ 2011-02-18 03:42 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll

+ 2011-02-18 03:42 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll

+ 2011-02-18 03:42 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll

+ 2011-02-18 03:42 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll

+ 2011-03-12 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll

+ 2011-03-12 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll

+ 2011-02-02 07:57 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll

+ 2011-03-12 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll

+ 2011-03-12 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll

+ 2011-02-11 04:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll

+ 2011-02-11 04:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll

+ 2011-02-11 04:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll

+ 2011-02-11 04:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll

+ 2011-02-11 04:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll

+ 2011-02-11 04:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll

+ 2011-02-11 04:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll

+ 2011-02-11 04:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll

+ 2010-12-09 14:29 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll

+ 2011-06-20 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476490\update\spcustom.dll

+ 2011-06-20 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476490\spmsg.dll

+ 2010-12-16 21:22 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll

+ 2010-12-16 21:22 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll

+ 2011-02-18 03:47 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2447568-IE8\update\spcustom.dll

+ 2011-02-18 03:47 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2447568-IE8\spmsg.dll

+ 2010-12-16 21:22 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll

+ 2010-12-16 21:22 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll

+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll

+ 2010-12-16 21:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll

+ 2010-12-16 21:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll

+ 2010-12-16 00:42 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys

+ 2010-12-16 21:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll

+ 2010-12-16 21:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2436673\spmsg.dll

+ 2010-12-16 21:20 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll

+ 2010-12-16 21:20 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll

+ 2010-12-16 00:42 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe

+ 2011-01-12 08:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll

+ 2011-01-12 08:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll

+ 2010-12-16 21:22 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2416400\update\spcustom.dll

+ 2010-12-16 21:22 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2416400\spmsg.dll

+ 2010-11-05 05:04 . 2010-11-05 05:04 81920 c:\windows\$hf_mig$\KB2416400\SP3QFE\ieencode.dll

+ 2011-02-11 04:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll

+ 2011-02-11 03:17 . 2010-12-09 15:15 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll

+ 2011-02-11 04:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll

+ 2010-10-14 07:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll

+ 2010-10-14 07:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll

+ 2010-11-16 16:18 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2362765-IE8\update\spcustom.dll

+ 2010-11-16 16:18 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2362765-IE8\spmsg.dll

+ 2010-11-16 16:13 . 2010-08-26 10:42 13312 c:\windows\$hf_mig$\KB2362765-IE8\SP3QFE\iecompat.dll

+ 2010-10-14 07:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll

+ 2010-10-14 07:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll

+ 2010-10-14 07:02 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2360131\update\spcustom.dll

+ 2010-10-14 07:02 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2360131\spmsg.dll

+ 2010-09-09 14:25 . 2010-09-09 14:25 81920 c:\windows\$hf_mig$\KB2360131\SP3QFE\ieencode.dll

+ 2010-11-16 16:18 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2360131-IE8\update\spcustom.dll

+ 2010-11-16 16:18 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2360131-IE8\spmsg.dll

+ 2010-11-16 16:13 . 2010-09-10 05:57 12800 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\xpshims.dll

+ 2010-11-16 16:13 . 2010-09-10 05:57 66560 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtmled.dll

+ 2010-11-16 16:13 . 2010-09-10 05:57 55296 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeedsbs.dll

+ 2010-11-16 16:13 . 2010-09-10 05:57 43520 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\licmgr10.dll

+ 2010-11-16 16:13 . 2010-09-10 05:57 25600 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\jsproxy.dll

+ 2010-09-15 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll

+ 2010-09-15 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll

+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

+ 2010-10-14 07:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll

+ 2010-10-14 07:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll

+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll

+ 2010-12-16 21:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll

+ 2010-12-16 21:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll

+ 2010-08-04 07:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll

+ 2010-08-04 07:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll

+ 2010-10-14 07:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll

+ 2010-10-14 07:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll

+ 2010-09-15 07:02 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll

+ 2010-09-15 07:02 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll

+ 2010-07-15 07:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll

+ 2010-07-15 07:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll

+ 2010-08-11 07:04 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2183461\update\spcustom.dll

+ 2010-08-11 07:04 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2183461\spmsg.dll

+ 2010-06-24 12:11 . 2010-06-24 12:11 81920 c:\windows\$hf_mig$\KB2183461\SP3QFE\ieencode.dll

+ 2010-08-11 07:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll

+ 2010-08-11 07:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll

+ 2010-09-15 07:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll

+ 2010-09-15 07:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll

+ 2010-09-15 07:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll

+ 2010-09-15 07:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll

+ 2010-08-11 07:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll

+ 2010-08-11 07:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll

+ 2010-08-11 07:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll

+ 2010-08-11 07:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-11-15 16:05 . 1999-04-27 05:17 3136 c:\windows\twain_32\ESCNDV\ES0054\ade001.bin

+ 2009-04-15 05:42 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\wmvdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:35 4096 c:\windows\system32\wmvdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:35 4096 c:\windows\system32\wmvdmod.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\wmvdmod.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 4096 c:\windows\system32\WMVADVE.DLL

+ 2005-01-28 18:44 . 2009-01-31 01:34 4096 c:\windows\system32\WMVADVE.DLL

- 2005-01-28 18:44 . 2006-10-19 02:47 4096 c:\windows\system32\WMVADVD.dll

+ 2005-01-28 18:44 . 2009-01-31 01:34 4096 c:\windows\system32\WMVADVD.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\wmsdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 4096 c:\windows\system32\wmsdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 4096 c:\windows\system32\wmsdmod.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\wmsdmod.dll

+ 2010-12-15 03:16 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll

+ 2005-01-28 18:44 . 2009-02-03 01:01 8704 c:\windows\system32\wdfmgr.exe

- 2005-01-28 18:44 . 2006-10-19 02:58 8704 c:\windows\system32\wdfmgr.exe

- 2005-01-28 18:44 . 2006-10-19 02:47 4096 c:\windows\system32\wdfapi.dll

+ 2005-01-28 18:44 . 2009-01-31 01:34 4096 c:\windows\system32\wdfapi.dll

- 2005-01-28 18:44 . 2006-10-19 02:58 8704 c:\windows\system32\uwdf.exe

+ 2005-01-28 18:44 . 2009-02-03 01:01 8704 c:\windows\system32\uwdf.exe

+ 2008-04-14 09:41 . 2009-01-31 01:33 4096 c:\windows\system32\MPG4DMOD.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 4096 c:\windows\system32\MPG4DMOD.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 4096 c:\windows\system32\MP4SDMOD.dll

+ 2008-04-14 09:41 . 2009-01-31 00:33 4096 c:\windows\system32\MP4SDMOD.dll

+ 2008-04-14 09:41 . 2009-01-31 01:33 4096 c:\windows\system32\MP43DMOD.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 4096 c:\windows\system32\MP43DMOD.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdycl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdycl.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdycc.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdycc.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdvntc.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdvntc.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbduzb.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbduzb.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdurdu.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdurdu.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdur.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdur.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdtuq.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdtuq.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdtuf.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdtuf.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdth3.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 6144 c:\windows\system32\kbdth3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdth2.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 6144 c:\windows\system32\kbdth2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdth1.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 5632 c:\windows\system32\kbdth1.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 5632 c:\windows\system32\kbdth0.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdth0.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdtat.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdtat.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdsyr2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdsyr2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdsyr1.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdsyr1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdsl1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdsl1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdsl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdsl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdru1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdru1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdru.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdru.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdro.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdro.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdpl1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdpl1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdpl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdpl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdmon.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdmon.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdlv1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdlv1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdlv.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdlv.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdlt1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdlt1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdlt.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdlt.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdkyr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdkyr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdkaz.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdkaz.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdintel.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdintel.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdintam.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdintam.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdinpun.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 6144 c:\windows\system32\kbdinpun.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinmar.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinmar.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinkan.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinkan.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinhin.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinhin.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinguj.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdinguj.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdindev.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdindev.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhu1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhu1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdhu.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdhu.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 8192 c:\windows\system32\kbdhept.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 8192 c:\windows\system32\kbdhept.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdhela3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdhela3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdhela2.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdhela2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdheb.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdheb.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhe319.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhe319.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhe220.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhe220.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhe.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdhe.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdgkl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdgkl.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5120 c:\windows\system32\kbdgeo.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\system32\kbdgeo.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbdfa.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdfa.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\kbdest.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\kbdest.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbddiv2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbddiv2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbddiv1.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbddiv1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdcz2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdcz2.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdcz1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdcz1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 7168 c:\windows\system32\kbdcz.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 7168 c:\windows\system32\kbdcz.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\kbdcr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdcr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdbu.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdbu.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdblr.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdblr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdazel.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdazel.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbdaze.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\kbdaze.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\system32\kbdarmw.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5120 c:\windows\system32\kbdarmw.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\system32\kbdarme.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5120 c:\windows\system32\kbdarme.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\kbdal.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\KBDAL.DLL

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbda3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbda3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbda2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbda2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\kbda1.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\kbda1.dll

+ 2011-11-15 16:05 . 2006-03-10 05:00 3584 c:\windows\system32\eswiaml.dll

+ 2011-11-15 16:05 . 2005-02-07 23:00 5632 c:\windows\system32\escdev.dll

+ 2011-05-10 12:29 . 2002-09-27 11:53 9856 c:\windows\system32\drivers\pfc.sys

+ 2004-08-12 14:03 . 2004-08-12 14:03 3328 c:\windows\system32\drivers\pciide.sys

- 2004-08-12 14:03 . 2001-08-17 18:51 3328 c:\windows\system32\drivers\pciide.sys

+ 2008-04-14 00:09 . 2008-04-14 09:51 4992 c:\windows\system32\drivers\mspqm.sys

- 2008-11-13 03:55 . 2008-04-14 05:09 4992 c:\windows\system32\drivers\MSPQM.sys

- 2008-11-13 03:55 . 2008-04-14 05:09 5376 c:\windows\system32\drivers\MSPCLOCK.sys

+ 2008-04-14 00:09 . 2008-04-14 09:51 5376 c:\windows\system32\drivers\mspclock.sys

+ 2008-04-14 00:09 . 2008-04-14 09:51 7552 c:\windows\system32\drivers\mskssrv.sys

- 2008-11-13 03:55 . 2008-04-14 05:09 7552 c:\windows\system32\drivers\MSKSSRV.sys

+ 2008-04-14 00:15 . 2008-04-14 09:51 2944 c:\windows\system32\drivers\drmkaud.sys

- 2008-11-13 03:55 . 2008-04-14 05:15 2944 c:\windows\system32\drivers\drmkaud.sys

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:35 4096 c:\windows\system32\dllcache\wmvdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:35 4096 c:\windows\system32\dllcache\wmvdmod.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmvdmod.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 4096 c:\windows\system32\dllcache\wmsdmoe2.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 4096 c:\windows\system32\dllcache\wmsdmod.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmsdmod.dll

+ 2010-06-23 20:15 . 2008-04-14 09:42 8704 c:\windows\system32\dllcache\snmptrap.exe

- 2008-11-13 03:45 . 2008-04-14 09:42 8704 c:\windows\system32\dllcache\snmptrap.exe

- 2008-11-13 03:45 . 2008-04-14 09:42 6144 c:\windows\system32\dllcache\snmpmib.dll

+ 2010-06-23 20:15 . 2008-04-14 09:42 6144 c:\windows\system32\dllcache\snmpmib.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 5632 c:\windows\system32\dllcache\smimsgif.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 5632 c:\windows\system32\dllcache\smimsgif.dll

- 2008-11-13 03:45 . 2002-09-03 17:02 5632 c:\windows\system32\dllcache\smierrsy.dll

+ 2010-06-23 20:15 . 2004-08-12 14:05 5632 c:\windows\system32\dllcache\smierrsy.dll

+ 2010-06-23 20:15 . 2004-08-12 14:03 9728 c:\windows\system32\dllcache\query.exe

- 2008-11-13 03:45 . 2002-09-03 16:53 9728 c:\windows\system32\dllcache\query.exe

+ 2010-06-23 20:15 . 2004-08-12 14:03 6144 c:\windows\system32\dllcache\pmxgl.dll

- 2008-11-13 03:45 . 2002-09-03 16:52 6144 c:\windows\system32\dllcache\pmxgl.dll

+ 2008-04-14 09:41 . 2009-01-31 01:33 4096 c:\windows\system32\dllcache\mpg4dmod.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\mpg4dmod.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\mp4sdmod.dll

+ 2008-04-14 09:41 . 2009-01-31 00:33 4096 c:\windows\system32\dllcache\MP4SDMOD.dll

+ 2008-04-14 09:41 . 2009-01-31 01:33 4096 c:\windows\system32\dllcache\mp43dmod.dll

- 2008-04-14 09:41 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\mp43dmod.dll

- 2008-11-13 03:45 . 2008-04-14 09:42 7680 c:\windows\system32\dllcache\migregdb.exe

+ 2010-06-23 20:14 . 2008-04-14 09:42 7680 c:\windows\system32\dllcache\migregdb.exe

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdycl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdycl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdycc.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdycc.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdvntc.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdvntc.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbduzb.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbduzb.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdurdu.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdurdu.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdur.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdur.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdtuq.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdtuq.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdtuf.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdtuf.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdth3.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdth3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdth2.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdth2.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdth1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdth1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdth0.dll

- 2008-11-13 04:03 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdth0.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdtat.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdtat.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdsyr2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdsyr2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdsyr1.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdsyr1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdsl1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdsl1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdsl.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdsl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdru1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdru1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdru.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdru.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdro.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdro.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdpl1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdpl1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdpl.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdpl.dll

- 2008-11-13 03:45 . 2002-09-03 16:38 7680 c:\windows\system32\dllcache\kbdnecnt.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 7680 c:\windows\system32\dllcache\kbdnecnt.dll

- 2008-11-13 03:45 . 2002-09-03 16:38 9216 c:\windows\system32\dllcache\kbdnecat.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 9216 c:\windows\system32\dllcache\kbdnecat.dll

- 2008-11-13 03:45 . 2002-09-03 16:38 7168 c:\windows\system32\dllcache\kbdnec95.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 7168 c:\windows\system32\dllcache\kbdnec95.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdmon.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdmon.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdlv1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdlv1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdlv.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdlv.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdlt1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdlt1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdlt.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdlt.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbdlk41j.dll

- 2008-11-13 03:45 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbdlk41j.dll

- 2008-11-13 03:45 . 2008-04-14 09:39 6656 c:\windows\system32\dllcache\kbdlk41a.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 6656 c:\windows\system32\dllcache\kbdlk41a.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdkyr.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdkyr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdkaz.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdkaz.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdintel.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdintel.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdintam.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdintam.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdinpun.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdinpun.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinmar.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinmar.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinkan.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinkan.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinhin.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinhin.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinguj.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdinguj.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdindev.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdindev.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 7168 c:\windows\system32\dllcache\kbdibm02.dll

- 2008-11-13 03:45 . 2008-04-14 09:39 7168 c:\windows\system32\dllcache\kbdibm02.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhu1.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhu1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdhu.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdhu.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 8192 c:\windows\system32\dllcache\kbdhept.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 8192 c:\windows\system32\dllcache\kbdhept.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdhela3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdhela3.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdhela2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdhela2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdheb.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdheb.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhe319.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhe319.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhe220.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhe220.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhe.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdhe.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdgkl.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdgkl.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5120 c:\windows\system32\dllcache\kbdgeo.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\system32\dllcache\kbdgeo.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdfa.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdfa.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdest.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbdest.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbddiv2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbddiv2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbddiv1.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbddiv1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdcz2.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdcz2.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdcz1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdcz1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 7168 c:\windows\system32\dllcache\kbdcz.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 7168 c:\windows\system32\dllcache\kbdcz.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdcr.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdcr.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdbu.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdbu.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdblr.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdblr.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdazel.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdazel.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdaze.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbdaze.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbdax2.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbdax2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5120 c:\windows\system32\dllcache\kbdarmw.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\system32\dllcache\kbdarmw.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5120 c:\windows\system32\dllcache\kbdarme.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5120 c:\windows\system32\dllcache\kbdarme.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdal.dll

- 2008-11-12 22:36 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\kbdal.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbda3.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbda3.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbda2.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbda2.dll

- 2008-11-13 04:04 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbda1.dll

+ 2004-08-12 13:58 . 2004-08-12 13:58 5632 c:\windows\system32\dllcache\kbda1.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbd106n.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbd106n.dll

- 2008-11-13 03:44 . 2002-09-03 16:37 6144 c:\windows\system32\dllcache\kbd101a.dll

+ 2010-06-23 20:14 . 2004-08-12 13:58 6144 c:\windows\system32\dllcache\kbd101a.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbd101.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbd101.dll

+ 2010-11-16 16:13 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 6656 c:\windows\system32\dllcache\fxsres.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 6656 c:\windows\system32\dllcache\fxsres.dll

+ 2010-06-23 20:14 . 2008-04-14 09:41 8704 c:\windows\system32\dllcache\fxsperf.dll

- 2008-11-13 03:44 . 2008-04-14 09:41 8704 c:\windows\system32\dllcache\fxsperf.dll

+ 2010-06-23 20:14 . 2008-04-14 09:39 7168 c:\windows\system32\dllcache\f3ahvoas.dll

- 2008-11-13 03:44 . 2008-04-14 09:39 7168 c:\windows\system32\dllcache\f3ahvoas.dll

+ 2010-06-23 20:15 . 2001-08-18 02:36 7168 c:\windows\system32\dllcache\EXCH_snprfdll.dll

- 2008-11-13 03:45 . 2001-08-18 02:36 7168 c:\windows\system32\dllcache\EXCH_snprfdll.dll

- 2008-11-13 03:44 . 2001-08-18 02:36 5632 c:\windows\system32\dllcache\EXCH_adsiisex.dll

+ 2010-06-23 20:14 . 2001-08-18 02:36 5632 c:\windows\system32\dllcache\EXCH_adsiisex.dll

+ 2010-06-23 20:14 . 2004-08-12 13:56 9728 c:\windows\system32\dllcache\change.exe

- 2008-11-13 03:44 . 2002-09-03 16:28 9728 c:\windows\system32\dllcache\change.exe

- 2008-11-13 03:44 . 2002-09-03 16:30 6656 c:\windows\system32\dllcache\c_is2022.dll

+ 2010-06-23 20:14 . 2004-08-12 13:56 6656 c:\windows\system32\dllcache\c_is2022.dll

- 2008-11-12 22:36 . 2008-04-14 09:41 8704 c:\windows\system32\dllcache\batt.dll

+ 2008-04-14 09:41 . 2008-04-14 09:41 8704 c:\windows\system32\dllcache\batt.dll

- 2008-04-14 02:53 . 2006-10-19 02:47 7168 c:\windows\system32\dllcache\asferror.dll

+ 2008-04-14 02:53 . 2009-01-31 00:33 7168 c:\windows\system32\dllcache\asferror.dll

- 2008-11-12 22:36 . 2008-04-14 09:41 8704 c:\windows\system32\batt.dll

+ 2008-04-14 09:41 . 2008-04-14 09:41 8704 c:\windows\system32\batt.dll

- 2008-04-14 02:53 . 2006-10-19 02:47 7168 c:\windows\system32\asferror.dll

+ 2008-04-14 02:53 . 2009-01-31 00:33 7168 c:\windows\system32\asferror.dll

+ 2011-07-24 13:57 . 1999-09-10 16:06 4672 c:\windows\system\WOWPOST.EXE

+ 2011-07-24 13:57 . 1999-09-10 16:06 5600 c:\windows\system\WINASPI.DLL

- 2008-11-12 22:36 . 2004-08-12 14:08 9008 c:\windows\system\VER.DLL

+ 2004-08-12 14:08 . 2004-08-12 14:08 9008 c:\windows\system\VER.DLL

+ 2004-08-12 14:05 . 2004-08-12 14:05 5120 c:\windows\system\SHELL.DLL

- 2008-11-12 22:36 . 2004-08-12 14:05 5120 c:\windows\system\SHELL.DLL

- 2008-11-12 22:36 . 2004-08-12 13:59 9936 c:\windows\system\LZEXPAND.DLL

+ 2004-08-12 13:59 . 2004-08-12 13:59 9936 c:\windows\system\LZEXPAND.DLL

+ 2010-06-23 20:11 . 2008-01-19 00:43 2247 c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat

- 2009-03-24 14:25 . 2010-06-10 07:09 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-03-24 14:25 . 2011-12-18 19:01 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2011-02-18 03:47 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-10-14 07:06 . 2011-10-14 07:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-12-15 03:17 . 2010-12-15 03:17 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-04-08 00:41 . 2008-04-14 02:53 8192 c:\windows\$NtUninstallwmp11$\asferror.dll

- 2008-11-17 01:10 . 2008-04-14 02:53 8192 c:\windows\$NtUninstallwmp11$\asferror.dll

+ 2010-09-15 07:02 . 2008-05-03 11:55 2560 c:\windows\$NtUninstallKB982802$\xpsp4res.dll

+ 2010-06-24 00:28 . 2004-08-12 13:57 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll

- 2010-03-07 04:54 . 2001-08-18 03:36 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll

+ 2010-12-15 03:16 . 2007-10-30 09:15 7680 c:\windows\$NtUninstallKB926139-v2$\PSSetupNativeUtils.exe

+ 2011-04-18 07:01 . 2010-08-26 12:52 5120 c:\windows\$NtUninstallKB2508429$\xpsp4res.dll

+ 2010-10-14 07:00 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll

+ 2010-10-14 07:03 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll

+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll

+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll

+ 2011-02-17 12:32 . 2011-02-17 12:32 5120 c:\windows\$hf_mig$\KB2508429\SP3QFE\xpsp4res.dll

+ 2011-02-18 03:41 . 2010-10-18 10:39 7680 c:\windows\$hf_mig$\KB2447568-IE8\SP3QFE\iecompat.dll

+ 2010-10-14 05:17 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll

+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-06-10 07:04 . 2010-06-10 07:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-10-14 07:05 . 2011-10-14 07:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

- 2007-11-07 06:19 . 2007-11-07 06:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll

+ 2007-11-07 05:19 . 2007-11-07 05:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll

+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

+ 2008-11-12 22:36 . 2004-08-12 13:55 921088 c:\windows\WinSxS\InstallTemp\64856\comctl32.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 118784 c:\windows\twain_32\ESCNDV\escndv.exe

+ 2011-11-15 16:05 . 2005-08-29 05:00 143360 c:\windows\twain_32\ESCNDV\ES0054\FFMT\esexf.dll

+ 2011-11-15 16:05 . 2006-05-22 05:00 102400 c:\windows\twain_32\ESCNDV\ES0054\FFMT\eppdf.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 151552 c:\windows\twain_32\ESCNDV\ES0054\FFMT\epjpg.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 126976 c:\windows\twain_32\ESCNDV\ES0054\esutwb.dll

+ 2011-11-15 16:05 . 2006-04-17 05:00 675840 c:\windows\twain_32\ESCNDV\ES0054\esui.dll

+ 2011-11-15 16:05 . 2006-04-17 05:00 249856 c:\windows\twain_32\ESCNDV\ES0054\estwpmg.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 327680 c:\windows\twain_32\ESCNDV\ES0054\esscncl.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 561272 c:\windows\twain_32\ESCNDV\ES0054\esmpsres.dll

+ 2011-11-15 16:05 . 2006-04-17 05:00 348254 c:\windows\twain_32\ESCNDV\ES0054\esmps.dll

+ 2011-11-15 16:05 . 2006-04-17 05:00 229376 c:\windows\twain_32\ESCNDV\ES0054\esimgctl.dll

+ 2011-11-15 16:05 . 2006-04-07 05:00 561152 c:\windows\twain_32\ESCNDV\ES0054\esimfl.dll

+ 2011-11-15 16:05 . 2006-03-06 05:00 172032 c:\windows\twain_32\ESCNDV\ES0054\esfit.dll

+ 2011-11-15 16:05 . 2006-04-11 05:00 413696 c:\windows\twain_32\ESCNDV\ES0054\esdtr.dll

+ 2011-11-15 16:05 . 2005-06-01 20:26 180224 c:\windows\twain_32\ESCNDV\ES0054\esdice54.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 131072 c:\windows\twain_32\ESCNDV\ES0054\esdevif.dll

+ 2011-11-15 16:05 . 2006-03-08 05:00 188416 c:\windows\twain_32\ESCNDV\ES0054\esdevcl.dll

+ 2008-04-14 09:42 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 121856 c:\windows\system32\xmllite.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 356352 c:\windows\system32\wpdsp.dll

+ 2005-01-28 18:44 . 2009-01-31 01:35 356352 c:\windows\system32\wpdsp.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 133632 c:\windows\system32\WPDShServiceObj.dll

+ 2006-10-19 02:47 . 2009-01-31 01:35 133632 c:\windows\system32\WPDShServiceObj.dll

+ 2005-01-28 18:44 . 2009-01-31 01:35 154624 c:\windows\system32\wpdmtp.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 154624 c:\windows\system32\wpdmtp.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 629760 c:\windows\system32\wpd_ci.dll

+ 2005-01-28 18:44 . 2009-01-31 01:35 629760 c:\windows\system32\wpd_ci.dll

+ 2006-10-19 02:47 . 2009-01-31 01:35 656896 c:\windows\system32\WMVXENCD.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 656896 c:\windows\system32\WMVXENCD.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 767488 c:\windows\system32\WMVSENCD.dll

+ 2006-10-19 02:47 . 2009-01-31 01:35 767488 c:\windows\system32\WMVSENCD.dll

+ 2008-04-14 09:42 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll

- 2008-04-14 09:42 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 204288 c:\windows\system32\wmpsrcwp.dll

+ 2009-01-31 00:34 . 2009-01-31 00:34 204288 c:\windows\system32\wmpsrcwp.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 130048 c:\windows\system32\wmpps.dll

+ 2009-01-31 00:34 . 2009-01-31 00:34 130048 c:\windows\system32\wmpps.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 613376 c:\windows\system32\wmpmde.dll

+ 2009-01-31 00:34 . 2009-01-31 00:34 613376 c:\windows\system32\wmpmde.dll

+ 2009-01-31 00:34 . 2009-01-31 00:34 295936 c:\windows\system32\wmpeffects.dll

- 2006-10-19 02:47 . 2008-06-24 23:12 295936 c:\windows\system32\wmpeffects.dll

+ 2008-04-14 09:42 . 2009-01-31 00:34 211456 c:\windows\system32\wmpasf.dll

- 2008-04-14 09:42 . 2008-06-18 10:03 938496 c:\windows\system32\WMNetmgr.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 938496 c:\windows\system32\WMNetMgr.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 157184 c:\windows\system32\wmidx.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 157184 c:\windows\system32\wmidx.dll

+ 2008-04-14 02:53 . 2009-01-31 00:34 227328 c:\windows\system32\wmerror.dll

- 2008-04-14 02:53 . 2006-10-19 02:47 227328 c:\windows\system32\wmerror.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 535040 c:\windows\system32\wmdrmsdk.dll

+ 2006-10-19 02:47 . 2009-01-31 01:34 535040 c:\windows\system32\wmdrmsdk.dll

+ 2005-01-28 18:44 . 2009-01-31 01:34 348672 c:\windows\system32\wmdrmnet.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 348672 c:\windows\system32\wmdrmnet.dll

+ 2005-01-28 18:44 . 2009-01-31 01:34 429056 c:\windows\system32\wmdrmdev.dll

- 2005-01-28 18:44 . 2006-10-19 02:47 429056 c:\windows\system32\wmdrmdev.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 222208 c:\windows\system32\WMASF.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 757248 c:\windows\system32\WMADMOD.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 757248 c:\windows\system32\WMADMOD.dll

+ 2008-04-14 09:42 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 293376 c:\windows\system32\winsrv.dll

+ 2008-04-14 09:42 . 2011-11-04 19:20 916992 c:\windows\system32\wininet.dll

+ 2007-08-13 22:45 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe

+ 2010-12-15 03:16 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe

+ 2008-04-14 09:42 . 2008-08-28 07:46 104960 c:\windows\system32\win32spl.dll

+ 2008-04-14 09:42 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll

+ 2007-07-12 06:00 . 2010-08-12 04:07 100848 c:\windows\system32\vxblock.dll

+ 2008-04-14 09:42 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll

+ 2009-03-07 18:35 . 1998-04-24 04:00 368912 c:\windows\system32\Vbar332.dll

- 2009-03-07 18:35 . 2003-10-28 19:10 368912 c:\windows\system32\Vbar332.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 406016 c:\windows\system32\usp10.dll

+ 2008-04-14 09:42 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

- 2008-04-14 09:42 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll

+ 2008-04-14 09:42 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll

+ 2011-05-22 16:50 . 2011-03-02 10:43 175616 c:\windows\system32\unrar.dll

+ 2007-10-09 17:03 . 2011-09-26 15:41 611328 c:\windows\system32\uiautomationcore.dll

- 2008-04-14 09:42 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll

+ 2008-04-14 09:42 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll

- 2009-03-24 14:25 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll

+ 2011-08-16 07:03 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll

+ 2008-04-14 09:42 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 135168 c:\windows\system32\shsvcs.dll

+ 2008-04-14 09:42 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll

+ 2008-04-14 09:42 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 270848 c:\windows\system32\sbe.dll

+ 2008-04-14 09:42 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll

+ 2008-04-14 09:42 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll

+ 2008-04-14 09:42 . 2009-01-31 01:34 211456 c:\windows\system32\qasf.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 211456 c:\windows\system32\qasf.dll

+ 2007-12-11 00:37 . 2010-08-12 04:07 440816 c:\windows\system32\PxWave.dll

+ 2007-12-11 00:37 . 2010-08-12 04:07 219632 c:\windows\system32\PxMas.dll

+ 2007-11-14 19:08 . 2010-08-12 04:07 126448 c:\windows\system32\pxinsi64.exe

+ 2008-04-16 06:02 . 2010-08-12 04:07 567792 c:\windows\system32\pxdrv.dll

+ 2007-12-11 00:37 . 2010-08-12 04:07 133616 c:\windows\system32\PxAFS.DLL

+ 2007-12-11 00:37 . 2010-08-12 04:07 698864 c:\windows\system32\Px.dll

+ 2008-04-14 05:42 . 2008-04-14 09:51 363520 c:\windows\system32\psisdecd.dll

- 2009-12-29 02:15 . 2008-04-14 10:42 363520 c:\windows\system32\PsisDecd.dll

+ 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe

- 2006-10-19 02:47 . 2006-10-19 02:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll

+ 2006-10-19 02:47 . 2009-01-31 01:34 199168 c:\windows\system32\PortableDeviceWMDRM.dll

+ 2006-10-19 02:47 . 2009-01-31 01:34 132096 c:\windows\system32\PortableDeviceWiaCompat.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 166912 c:\windows\system32\PortableDeviceTypes.dll

+ 2006-10-19 02:47 . 2009-01-31 01:34 166912 c:\windows\system32\PortableDeviceTypes.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll

+ 2006-10-19 02:47 . 2009-01-31 01:34 101888 c:\windows\system32\PortableDeviceClassExtension.dll

+ 2006-10-19 02:47 . 2009-01-31 01:34 254976 c:\windows\system32\PortableDeviceApi.dll

+ 2004-08-12 14:03 . 2012-03-13 17:20 436064 c:\windows\system32\perfh009.dat

+ 2008-04-14 09:42 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 551936 c:\windows\system32\oleaut32.dll

+ 2004-08-12 14:02 . 2011-09-26 15:41 220160 c:\windows\system32\oleacc.dll

+ 2008-04-14 09:42 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll

- 2008-04-14 09:42 . 2008-04-14 09:42 249856 c:\windows\system32\odbc32.dll

+ 2008-04-14 09:42 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll

+ 2008-04-14 09:41 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll

+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll

- 2008-04-14 09:42 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 321536 c:\windows\system32\mswmdm.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 321536 c:\windows\system32\mswmdm.dll

+ 2008-11-13 03:41 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe

- 2008-11-13 03:41 . 2008-04-14 09:42 677888 c:\windows\system32\mstsc.exe

+ 2008-04-14 09:42 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 414720 c:\windows\system32\msscp.dll

- 2008-04-14 09:42 . 2006-12-04 21:21 414720 c:\windows\system32\msscp.dll

+ 2008-04-14 09:42 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 175616 c:\windows\system32\mspmsp.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 175616 c:\windows\system32\mspmsp.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 179712 c:\windows\system32\msnetobj.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 179712 c:\windows\system32\msnetobj.dll

+ 2004-08-12 14:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll

- 2004-08-12 14:00 . 2007-08-13 22:54 156160 c:\windows\system32\msls31.dll

+ 2008-04-14 05:42 . 2008-04-14 09:42 294912 c:\windows\system32\msh263.drv

- 2008-04-14 05:42 . 2008-04-14 10:42 294912 c:\windows\system32\msh263.drv

+ 2007-08-13 22:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll

+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll

+ 2009-11-07 05:07 . 2009-11-07 05:07 297808 c:\windows\system32\mscoree.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 259072 c:\windows\system32\MPG4DECD.dll

+ 2006-10-19 02:47 . 2009-01-31 01:33 259072 c:\windows\system32\MPG4DECD.dll

+ 2006-10-19 02:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 259072 c:\windows\system32\MP43DECD.dll

+ 2006-10-19 02:47 . 2009-01-31 01:33 259072 c:\windows\system32\MP43DECD.dll

+ 2006-10-19 02:47 . 2009-01-31 01:33 212992 c:\windows\system32\MFPLAT.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 212992 c:\windows\system32\MFPLAT.dll

+ 2007-04-03 12:44 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll

+ 2008-04-14 09:41 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll

+ 2008-04-14 09:41 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll

+ 2004-08-12 13:59 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll

+ 2011-04-14 21:42 . 2011-04-14 21:42 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe

+ 2008-04-14 09:41 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll

- 2008-04-14 09:41 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll

- 2008-04-14 09:42 . 2008-06-18 06:09 100864 c:\windows\system32\logagent.exe

+ 2008-04-14 09:42 . 2009-01-30 22:37 100864 c:\windows\system32\logagent.exe

- 2008-04-14 09:41 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll

+ 2008-04-14 09:41 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll

+ 2008-04-14 09:41 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll

+ 2011-07-21 02:33 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe

+ 2011-07-21 02:33 . 2011-05-04 08:52 145184 c:\windows\system32\javaw.exe

- 2010-04-05 01:16 . 2010-03-09 08:28 145184 c:\windows\system32\javaw.exe

+ 2011-07-21 02:33 . 2011-05-04 08:52 145184 c:\windows\system32\java.exe

- 2010-04-05 01:16 . 2010-03-09 08:28 145184 c:\windows\system32\java.exe

+ 2008-11-13 03:42 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll

+ 2008-10-30 20:37 . 2008-10-30 20:37 922112 c:\windows\system32\imapi2fs.dll

+ 2008-10-30 20:37 . 2008-10-30 20:37 426496 c:\windows\system32\imapi2.dll

+ 2008-11-13 03:52 . 2007-04-17 00:51 142104 c:\windows\system32\igfxtray.exe

- 2008-11-13 03:58 . 2007-04-17 00:50 172032 c:\windows\system32\igfxres.dll

+ 2010-06-23 20:21 . 2007-04-17 00:50 172032 c:\windows\system32\igfxres.dll

+ 2008-11-13 03:52 . 2007-04-17 00:51 138008 c:\windows\system32\igfxpers.exe

+ 2007-08-13 22:54 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll

+ 2008-04-14 09:41 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll

+ 2008-04-14 09:41 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 16:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll

+ 2004-08-12 13:57 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll

+ 2008-04-14 09:41 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll

+ 2008-04-14 09:41 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll

+ 2008-04-14 09:42 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe

+ 2008-11-13 03:52 . 2007-04-17 00:51 162584 c:\windows\system32\hkcmd.exe

+ 2008-11-12 22:35 . 2011-12-21 11:58 364912 c:\windows\system32\FNTCACHE.DAT

- 2008-11-12 22:35 . 2010-06-10 07:25 364912 c:\windows\system32\FNTCACHE.DAT

+ 2011-11-15 16:05 . 2006-05-23 05:00 172032 c:\windows\system32\esint54.dll

+ 2008-04-14 09:41 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll

- 2008-04-14 09:41 . 2008-04-14 09:41 186880 c:\windows\system32\encdec.dll

+ 2004-08-12 13:57 . 2004-08-12 13:57 514587 c:\windows\system32\edb500.dll

+ 2008-04-14 09:41 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll

+ 2008-04-14 09:41 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll

- 2008-04-14 09:42 . 2006-10-19 02:47 991744 c:\windows\system32\drmv2clt.dll

+ 2008-04-14 09:42 . 2009-01-31 01:33 991744 c:\windows\system32\drmv2clt.dll

+ 2006-10-19 01:00 . 2009-01-30 22:23 249856 c:\windows\system32\drmupgds.exe

- 2006-10-19 01:00 . 2006-10-19 01:00 249856 c:\windows\system32\drmupgds.exe

+ 2008-04-14 04:15 . 2008-04-14 04:15 143872 c:\windows\system32\drivers\usbport.sys

- 2008-04-14 04:15 . 2008-04-14 05:15 143872 c:\windows\system32\drivers\usbport.sys

+ 2006-10-19 02:47 . 2009-01-31 01:35 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll

- 2006-10-19 02:47 . 2006-10-19 02:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll

+ 2008-04-14 04:45 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys

+ 2011-05-10 12:15 . 2008-06-17 07:10 279552 c:\windows\system32\drivers\SAA713x.sys

+ 2008-11-13 03:41 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys

- 2008-11-13 03:41 . 2008-04-14 09:43 139656 c:\windows\system32\drivers\rdpwd.sys

+ 2008-04-14 00:49 . 2008-04-14 09:51 146048 c:\windows\system32\drivers\portcls.sys

- 2008-11-13 03:55 . 2008-04-14 05:49 146048 c:\windows\system32\drivers\portcls.sys

+ 2008-04-14 04:47 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys

+ 2008-04-14 04:47 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys

- 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\drivers\ks.sys

+ 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\drivers\ks.sys

- 2008-11-13 03:55 . 2008-04-14 05:15 172416 c:\windows\system32\drivers\kmixer.sys

+ 2008-04-14 00:15 . 2008-04-14 09:51 172416 c:\windows\system32\drivers\kmixer.sys

- 2008-11-13 20:49 . 2008-06-13 11:05 272128 c:\windows\system32\drivers\bthport.sys

+ 2008-04-14 04:16 . 2008-06-13 11:05 272128 c:\windows\system32\drivers\bthport.sys

+ 2008-04-14 04:49 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys

- 2008-04-14 04:49 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys

- 2008-11-13 03:56 . 2008-04-14 03:09 142592 c:\windows\system32\drivers\aec.sys

+ 2008-04-13 22:09 . 2008-04-14 09:51 142592 c:\windows\system32\drivers\aec.sys

+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows\system32\dnssdX.dll

+ 2008-04-14 09:41 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll

+ 2008-11-13 03:41 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

Here is the end of the report, after the very long list of files with a "+" and "-" next to them. It was too much to post. Please let me know if you want me to attach the entire file.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-11-18 155648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-12 50688]

InterVideo WinCinema Manager.lnk - c:\program files\Common Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-5-10 151552]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scheduler for OEM.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scheduler for OEM.lnk

backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-03-28 20:48 622592 ----a-r- c:\program files\Brother\Brmfcmon\brmfcwnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-04-10 19:58 61440 ----a-w- c:\program files\Brother\ControlCenter3\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Chris\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\Apps\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"36831:TCP"= 36831:TCP:Bittorrent

"36831:UDP"= 36831:UDP:Bittorrent

.

R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [5/10/2011 8:15 AM 279552]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 10:47 AM 14088]

R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [5/10/2011 8:20 AM 25984]

S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]

S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [12/28/2009 10:15 PM 906368]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vaiomediaplatform-integratedserver-upnp

a016bus

nvmd

SQLAgent$MICROSOFTBCM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: + Offline &Explorer: Download the link - file://c:\documents and settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\documents and settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_AllO.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: llbean.com

FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - user.js: general.useragent.extra.brc -

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-iriver Firmware Updater - c:\program files\iriver\iriver Firmware Updater\uninstall.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Chris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-25 09:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E2E5262-99BE-253B-781A-A90C2CA29200}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2820)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\windows\system32\wmpasf.dll

c:\windows\system32\DRMClien.DLL

c:\program files\K-Lite Codec Pack\Filters\MP4Splitter.ax

c:\program files\K-Lite Codec Pack\Filters\FLVSplitter.ax

c:\progra~1\COMMON~1\ULEADS~2\MPEG\ulspmp4.ax

c:\program files\Common Files\Ulead Systems\MPEG\ulspmpeg.ax

c:\program files\Common Files\Ulead Systems\MPEG\mcmpgdec.dll

c:\program files\Common Files\Ulead Systems\MPEG\mpegin.dll

c:\program files\K-Lite Codec Pack\Filters\MpegSplitter.ax

c:\progra~1\COMMON~1\ULEADS~2\MPEG\ULDVDA~1.AX

c:\progra~1\COMMON~1\ULEADS~2\MPEG\uvAC3Enc.dll

c:\windows\system32\atxparser.ax

c:\program files\K-Lite Codec Pack\Filters\Haali\splitter.ax

c:\program files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll

c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-03-25 10:05:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-25 14:05

ComboFix2.txt 2010-06-19 12:06

ComboFix3.txt 2010-06-18 21:23

ComboFix4.txt 2010-06-18 10:18

ComboFix5.txt 2012-03-25 00:02

.

Pre-Run: 403,655,204,864 bytes free

Post-Run: 461,423,116,288 bytes free

.

- - End Of File - - 0C4DF9070EACBA32BC3AE19A8BA488A2

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

It is okay.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

Since the instruction to select "skip" instead of "delete" for objects that didn't have "cure" as an option didn't appear until after the step to reboot, I chose delete.

11:26:55.0687 2552 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

11:26:55.0718 2552 ============================================================

11:26:55.0718 2552 Current date / time: 2012/03/25 11:26:55.0718

11:26:55.0718 2552 SystemInfo:

11:26:55.0718 2552

11:26:55.0718 2552 OS Version: 5.1.2600 ServicePack: 3.0

11:26:55.0718 2552 Product type: Workstation

11:26:55.0718 2552 ComputerName: HOME

11:26:55.0718 2552 UserName: Chris

11:26:55.0718 2552 Windows directory: C:\WINDOWS

11:26:55.0718 2552 System windows directory: C:\WINDOWS

11:26:55.0718 2552 Processor architecture: Intel x86

11:26:55.0718 2552 Number of processors: 2

11:26:55.0718 2552 Page size: 0x1000

11:26:55.0718 2552 Boot type: Normal boot

11:26:55.0718 2552 ============================================================

11:26:56.0718 2552 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:26:56.0765 2552 Drive \Device\Harddisk5\DR14 - Size: 0x777FFE00 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:26:56.0765 2552 \Device\Harddisk0\DR0:

11:26:56.0765 2552 MBR used

11:26:56.0765 2552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000

11:26:56.0765 2552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C53F, BlocksNum 0x494B6AC1

11:26:56.0765 2552 \Device\Harddisk5\DR14:

11:26:56.0781 2552 MBR used

11:26:56.0781 2552 \Device\Harddisk5\DR14\Partition0: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F

11:26:56.0859 2552 Initialize success

11:26:56.0859 2552 ============================================================

11:27:51.0031 3152 ============================================================

11:27:51.0031 3152 Scan started

11:27:51.0031 3152 Mode: Manual; SigCheck; TDLFS;

11:27:51.0031 3152 ============================================================

11:27:51.0250 3152 3xHybrid (ebb021c4eb9c4df7d73a50a326d94761) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys

11:27:51.0375 3152 3xHybrid ( UnsignedFile.Multi.Generic ) - warning

11:27:51.0375 3152 3xHybrid - detected UnsignedFile.Multi.Generic (1)

11:27:51.0437 3152 713xTVCard (58a18c53feee4aa387df13242504d574) C:\WINDOWS\system32\DRIVERS\SAA713x.sys

11:27:51.0453 3152 713xTVCard ( UnsignedFile.Multi.Generic ) - warning

11:27:51.0453 3152 713xTVCard - detected UnsignedFile.Multi.Generic (1)

11:27:51.0468 3152 Abiosdsk - ok

11:27:51.0468 3152 abp480n5 - ok

11:27:51.0531 3152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:27:51.0656 3152 ACPI - ok

11:27:51.0703 3152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:27:51.0750 3152 ACPIEC - ok

11:27:51.0765 3152 adpu160m - ok

11:27:51.0796 3152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:27:51.0875 3152 aec - ok

11:27:51.0921 3152 AFD (1d495ee1d3a836801d1fd816ff4a93f9) C:\WINDOWS\System32\drivers\afd.sys

11:27:51.0937 3152 AFD ( Virus.Win32.ZAccess.c ) - infected

11:27:51.0937 3152 AFD - detected Virus.Win32.ZAccess.c (0)

11:27:51.0937 3152 Aha154x - ok

11:27:51.0937 3152 aic78u2 - ok

11:27:51.0953 3152 aic78xx - ok

11:27:51.0953 3152 Aldebaran - ok

11:27:52.0000 3152 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

11:27:52.0062 3152 Alerter - ok

11:27:52.0078 3152 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

11:27:52.0109 3152 ALG - ok

11:27:52.0109 3152 AliIde - ok

11:27:52.0125 3152 amsint - ok

11:27:52.0250 3152 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:27:52.0265 3152 Apple Mobile Device - ok

11:27:52.0265 3152 AppMgmt - ok

11:27:52.0281 3152 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

11:27:52.0343 3152 Arp1394 - ok

11:27:52.0343 3152 asc - ok

11:27:52.0359 3152 asc3350p - ok

11:27:52.0359 3152 asc3550 - ok

11:27:52.0375 3152 ASPI32 - ok

11:27:52.0406 3152 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

11:27:52.0406 3152 aspnet_state - ok

11:27:52.0437 3152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:27:52.0500 3152 AsyncMac - ok

11:27:52.0546 3152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:27:52.0625 3152 atapi - ok

11:27:52.0640 3152 Atdisk - ok

11:27:52.0671 3152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:27:52.0734 3152 Atmarpc - ok

11:27:52.0765 3152 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

11:27:52.0843 3152 AudioSrv - ok

11:27:52.0875 3152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:27:52.0937 3152 audstub - ok

11:27:52.0984 3152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:27:53.0046 3152 Beep - ok

11:27:53.0109 3152 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

11:27:53.0171 3152 BITS - ok

11:27:53.0218 3152 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

11:27:53.0218 3152 Bonjour Service - ok

11:27:53.0281 3152 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

11:27:53.0359 3152 Browser - ok

11:27:53.0359 3152 BrScnUsb - ok

11:27:53.0390 3152 Capture Device Service (1778eba872274c1226d869cd9486847e) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

11:27:53.0406 3152 Capture Device Service - ok

11:27:53.0406 3152 catchme - ok

11:27:53.0437 3152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:27:53.0531 3152 cbidf2k - ok

11:27:53.0562 3152 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:27:53.0625 3152 CCDECODE - ok

11:27:53.0625 3152 cd20xrnt - ok

11:27:53.0656 3152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:27:53.0718 3152 Cdaudio - ok

11:27:53.0718 3152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:27:53.0812 3152 Cdfs - ok

11:27:53.0843 3152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:27:53.0906 3152 Cdrom - ok

11:27:53.0906 3152 Changer - ok

11:27:53.0921 3152 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

11:27:53.0984 3152 CiSvc - ok

11:27:54.0015 3152 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

11:27:54.0093 3152 ClipSrv - ok

11:27:54.0156 3152 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:27:54.0156 3152 clr_optimization_v2.0.50727_32 - ok

11:27:54.0171 3152 CmdIde - ok

11:27:54.0171 3152 COMSysApp - ok

11:27:54.0171 3152 Cpqarray - ok

11:27:54.0203 3152 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

11:27:54.0265 3152 CryptSvc - ok

11:27:54.0265 3152 dac2w2k - ok

11:27:54.0281 3152 dac960nt - ok

11:27:54.0328 3152 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

11:27:54.0328 3152 DcomLaunch - ok

11:27:54.0390 3152 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

11:27:54.0453 3152 Dhcp - ok

11:27:54.0500 3152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:27:54.0578 3152 Disk - ok

11:27:54.0578 3152 dmadmin - ok

11:27:54.0625 3152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:27:54.0703 3152 dmboot - ok

11:27:54.0734 3152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:27:54.0796 3152 dmio - ok

11:27:54.0812 3152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:27:54.0875 3152 dmload - ok

11:27:54.0875 3152 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

11:27:54.0937 3152 dmserver - ok

11:27:54.0984 3152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:27:55.0046 3152 DMusic - ok

11:27:55.0078 3152 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

11:27:55.0093 3152 Dnscache - ok

11:27:55.0125 3152 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

11:27:55.0187 3152 Dot3svc - ok

11:27:55.0187 3152 dpti2o - ok

11:27:55.0218 3152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:27:55.0281 3152 drmkaud - ok

11:27:55.0328 3152 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

11:27:55.0343 3152 e1express - ok

11:27:55.0375 3152 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

11:27:55.0453 3152 EapHost - ok

11:27:55.0484 3152 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

11:27:55.0546 3152 ERSvc - ok

11:27:55.0593 3152 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:27:55.0609 3152 Eventlog - ok

11:27:55.0640 3152 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

11:27:55.0640 3152 EventSystem - ok

11:27:55.0656 3152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:27:55.0734 3152 Fastfat - ok

11:27:55.0781 3152 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:27:55.0781 3152 FastUserSwitchingCompatibility - ok

11:27:55.0843 3152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:27:55.0906 3152 Fdc - ok

11:27:55.0906 3152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:27:55.0984 3152 Fips - ok

11:27:56.0015 3152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

11:27:56.0078 3152 Flpydisk - ok

11:27:56.0125 3152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

11:27:56.0187 3152 FltMgr - ok

11:27:56.0312 3152 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

11:27:56.0328 3152 FontCache3.0.0.0 - ok

11:27:56.0328 3152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:27:56.0390 3152 Fs_Rec - ok

11:27:56.0437 3152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:27:56.0500 3152 Ftdisk - ok

11:27:56.0531 3152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:27:56.0531 3152 GEARAspiWDM - ok

11:27:56.0562 3152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:27:56.0625 3152 Gpc - ok

11:27:56.0656 3152 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:27:56.0718 3152 HDAudBus - ok

11:27:56.0734 3152 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

11:27:56.0812 3152 helpsvc - ok

11:27:56.0812 3152 HidServ - ok

11:27:56.0859 3152 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:27:56.0937 3152 hidusb - ok

11:27:56.0968 3152 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

11:27:57.0031 3152 hkmsvc - ok

11:27:57.0031 3152 hpn - ok

11:27:57.0046 3152 HSFHWBS2 (663b895c3f8464339eacd1d9cf69d661) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

11:27:57.0078 3152 HSFHWBS2 - ok

11:27:57.0109 3152 HSF_DPV (7340b4d13875c413a6229bba8e4913ca) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

11:27:57.0171 3152 HSF_DPV - ok

11:27:57.0234 3152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:27:57.0265 3152 HTTP - ok

11:27:57.0312 3152 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

11:27:57.0375 3152 HTTPFilter - ok

11:27:57.0375 3152 i2omgmt - ok

11:27:57.0390 3152 i2omp - ok

11:27:57.0406 3152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

11:27:57.0484 3152 i8042prt - ok

11:27:57.0625 3152 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

11:27:57.0828 3152 ialm - ok

11:27:57.0968 3152 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

11:27:57.0984 3152 IDriverT ( UnsignedFile.Multi.Generic ) - warning

11:27:57.0984 3152 IDriverT - detected UnsignedFile.Multi.Generic (1)

11:27:58.0078 3152 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

11:27:58.0109 3152 idsvc - ok

11:27:58.0140 3152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:27:58.0203 3152 Imapi - ok

11:27:58.0250 3152 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

11:27:58.0312 3152 ImapiService - ok

11:27:58.0312 3152 ini910u - ok

11:27:58.0421 3152 IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:27:58.0593 3152 IntcAzAudAddService - ok

11:27:58.0593 3152 IntelIde - ok

11:27:58.0625 3152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:27:58.0687 3152 intelppm - ok

11:27:58.0703 3152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

11:27:58.0796 3152 Ip6Fw - ok

11:27:58.0843 3152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:27:58.0906 3152 IpFilterDriver - ok

11:27:58.0906 3152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:27:59.0000 3152 IpInIp - ok

11:27:59.0015 3152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:27:59.0093 3152 IpNat - ok

11:27:59.0203 3152 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

11:27:59.0250 3152 iPod Service - ok

11:27:59.0281 3152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:27:59.0343 3152 IPSec - ok

11:27:59.0375 3152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:27:59.0390 3152 IRENUM - ok

11:27:59.0421 3152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:27:59.0484 3152 isapnp - ok

11:27:59.0609 3152 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe

11:27:59.0609 3152 JavaQuickStarterService - ok

11:27:59.0656 3152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:27:59.0718 3152 Kbdclass - ok

11:27:59.0765 3152 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:27:59.0828 3152 kbdhid - ok

11:27:59.0875 3152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:27:59.0953 3152 kmixer - ok

11:27:59.0984 3152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:28:00.0031 3152 KSecDD - ok

11:28:00.0078 3152 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

11:28:00.0125 3152 LanmanServer - ok

11:28:00.0171 3152 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

11:28:00.0218 3152 lanmanworkstation - ok

11:28:00.0218 3152 lbrtfdc - ok

11:28:00.0250 3152 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

11:28:00.0265 3152 LinksysUpdater ( UnsignedFile.Multi.Generic ) - warning

11:28:00.0265 3152 LinksysUpdater - detected UnsignedFile.Multi.Generic (1)

11:28:00.0281 3152 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

11:28:00.0343 3152 LmHosts - ok

11:28:00.0406 3152 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

11:28:00.0406 3152 MDM - ok

11:28:00.0421 3152 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

11:28:00.0453 3152 mdmxsdk - ok

11:28:00.0515 3152 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

11:28:00.0593 3152 Messenger - ok

11:28:00.0609 3152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:28:00.0671 3152 mnmdd - ok

11:28:00.0703 3152 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

11:28:00.0781 3152 mnmsrvc - ok

11:28:00.0812 3152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:28:00.0906 3152 Modem - ok

11:28:00.0937 3152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:28:01.0000 3152 Mouclass - ok

11:28:01.0046 3152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:28:01.0140 3152 mouhid - ok

11:28:01.0156 3152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:28:01.0218 3152 MountMgr - ok

11:28:01.0265 3152 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

11:28:01.0328 3152 MPE - ok

11:28:01.0343 3152 mraid35x - ok

11:28:01.0359 3152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:28:01.0437 3152 MRxDAV - ok

11:28:01.0500 3152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:28:01.0515 3152 MRxSmb - ok

11:28:01.0578 3152 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

11:28:01.0640 3152 MSDTC - ok

11:28:01.0640 3152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:28:01.0734 3152 Msfs - ok

11:28:01.0734 3152 MSIServer - ok

11:28:01.0765 3152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:28:01.0828 3152 MSKSSRV - ok

11:28:01.0843 3152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:28:01.0890 3152 MSPCLOCK - ok

11:28:01.0921 3152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:28:02.0000 3152 MSPQM - ok

11:28:02.0000 3152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:28:02.0062 3152 mssmbios - ok

11:28:02.0093 3152 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:28:02.0171 3152 MSTEE - ok

11:28:02.0234 3152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:28:02.0234 3152 Mup - ok

11:28:02.0281 3152 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:28:02.0343 3152 NABTSFEC - ok

11:28:02.0375 3152 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

11:28:02.0453 3152 napagent - ok

11:28:02.0453 3152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:28:02.0531 3152 NDIS - ok

11:28:02.0531 3152 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:28:02.0593 3152 NdisIP - ok

11:28:02.0656 3152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:28:02.0703 3152 NdisTapi - ok

11:28:02.0750 3152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:28:02.0812 3152 Ndisuio - ok

11:28:02.0812 3152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:28:02.0890 3152 NdisWan - ok

11:28:02.0937 3152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:28:02.0953 3152 NDProxy - ok

11:28:02.0968 3152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:28:03.0031 3152 NetBIOS - ok

11:28:03.0078 3152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:28:03.0156 3152 NetBT - ok

11:28:03.0187 3152 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:28:03.0250 3152 NetDDE - ok

11:28:03.0250 3152 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:28:03.0312 3152 NetDDEdsdm - ok

11:28:03.0343 3152 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:28:03.0421 3152 Netlogon - ok

11:28:03.0453 3152 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

11:28:03.0531 3152 Netman - ok

11:28:03.0640 3152 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:28:03.0640 3152 NetTcpPortSharing - ok

11:28:03.0656 3152 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:28:03.0718 3152 NIC1394 - ok

11:28:03.0765 3152 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

11:28:03.0765 3152 Nla - ok

11:28:03.0906 3152 nmservice (82c5a813e8ea7e94dc1afa24cd803b80) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

11:28:03.0921 3152 nmservice - ok

11:28:03.0921 3152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:28:04.0031 3152 Npfs - ok

11:28:04.0078 3152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:28:04.0156 3152 Ntfs - ok

11:28:04.0156 3152 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:28:04.0218 3152 NtLmSsp - ok

11:28:04.0234 3152 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

11:28:04.0296 3152 NtmsSvc - ok

11:28:04.0343 3152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:28:04.0406 3152 Null - ok

11:28:04.0453 3152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:28:04.0515 3152 NwlnkFlt - ok

11:28:04.0515 3152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:28:04.0578 3152 NwlnkFwd - ok

11:28:04.0593 3152 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:28:04.0656 3152 ohci1394 - ok

11:28:04.0656 3152 OMCI - ok

11:28:04.0718 3152 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:28:04.0718 3152 ose - ok

11:28:04.0750 3152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

11:28:04.0796 3152 Parport - ok

11:28:04.0812 3152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:28:04.0875 3152 PartMgr - ok

11:28:04.0906 3152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:28:04.0968 3152 ParVdm - ok

11:28:04.0984 3152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:28:05.0046 3152 PCI - ok

11:28:05.0046 3152 PCIDump - ok

11:28:05.0062 3152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:28:05.0125 3152 PCIIde - ok

11:28:05.0125 3152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:28:05.0218 3152 Pcmcia - ok

11:28:05.0218 3152 PDCOMP - ok

11:28:05.0234 3152 PDFRAME - ok

11:28:05.0234 3152 PDRELI - ok

11:28:05.0234 3152 PDRFRAME - ok

11:28:05.0250 3152 perc2 - ok

11:28:05.0250 3152 perc2hib - ok

11:28:05.0296 3152 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys

11:28:05.0328 3152 pfc ( UnsignedFile.Multi.Generic ) - warning

11:28:05.0328 3152 pfc - detected UnsignedFile.Multi.Generic (1)

11:28:05.0375 3152 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:28:05.0375 3152 PlugPlay - ok

11:28:05.0421 3152 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys

11:28:05.0421 3152 pnarp - ok

11:28:05.0421 3152 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:28:05.0484 3152 PolicyAgent - ok

11:28:05.0515 3152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:28:05.0562 3152 PptpMiniport - ok

11:28:05.0593 3152 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:28:05.0656 3152 ProtectedStorage - ok

11:28:05.0671 3152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:28:05.0750 3152 PSched - ok

11:28:05.0781 3152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:28:05.0859 3152 Ptilink - ok

11:28:05.0875 3152 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

11:28:05.0875 3152 purendis - ok

11:28:05.0906 3152 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:28:05.0906 3152 PxHelp20 - ok

11:28:05.0906 3152 ql1080 - ok

11:28:05.0921 3152 Ql10wnt - ok

11:28:05.0921 3152 ql12160 - ok

11:28:05.0921 3152 ql1240 - ok

11:28:05.0937 3152 ql1280 - ok

11:28:05.0953 3152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:28:06.0015 3152 RasAcd - ok

11:28:06.0046 3152 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

11:28:06.0125 3152 RasAuto - ok

11:28:06.0125 3152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:28:06.0187 3152 Rasl2tp - ok

11:28:06.0218 3152 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

11:28:06.0281 3152 RasMan - ok

11:28:06.0328 3152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:28:06.0375 3152 RasPppoe - ok

11:28:06.0390 3152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:28:06.0453 3152 Raspti - ok

11:28:06.0484 3152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:28:06.0562 3152 Rdbss - ok

11:28:06.0578 3152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:28:06.0640 3152 RDPCDD - ok

11:28:06.0703 3152 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:28:06.0718 3152 RDPWD - ok

11:28:06.0734 3152 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

11:28:06.0796 3152 RDSessMgr - ok

11:28:06.0812 3152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:28:06.0875 3152 redbook - ok

11:28:06.0906 3152 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

11:28:06.0968 3152 RemoteAccess - ok

11:28:07.0000 3152 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

11:28:07.0062 3152 RpcLocator - ok

11:28:07.0093 3152 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

11:28:07.0109 3152 RpcSs - ok

11:28:07.0156 3152 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

11:28:07.0218 3152 RSVP - ok

11:28:07.0234 3152 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:28:07.0296 3152 SamSs - ok

11:28:07.0328 3152 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

11:28:07.0390 3152 SCardSvr - ok

11:28:07.0421 3152 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

11:28:07.0484 3152 Schedule - ok

11:28:07.0609 3152 SeagateDashboardService (b29a858aaf869da38e02278f91512c07) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

11:28:07.0609 3152 SeagateDashboardService - ok

11:28:07.0656 3152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:28:07.0703 3152 Secdrv - ok

11:28:07.0750 3152 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

11:28:07.0828 3152 seclogon - ok

11:28:07.0828 3152 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

11:28:07.0890 3152 SENS - ok

11:28:07.0937 3152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

11:28:08.0015 3152 Serial - ok

11:28:08.0046 3152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:28:08.0125 3152 Sfloppy - ok

11:28:08.0171 3152 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

11:28:08.0234 3152 SharedAccess - ok

11:28:08.0265 3152 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:28:08.0281 3152 ShellHWDetection - ok

11:28:08.0281 3152 Simbad - ok

11:28:08.0328 3152 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:28:08.0390 3152 SLIP - ok

11:28:08.0390 3152 sonypvs1 - ok

11:28:08.0390 3152 Sparrow - ok

11:28:08.0421 3152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:28:08.0484 3152 splitter - ok

11:28:08.0500 3152 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

11:28:08.0500 3152 Spooler - ok

11:28:08.0531 3152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:28:08.0546 3152 sr - ok

11:28:08.0562 3152 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

11:28:08.0593 3152 srservice - ok

11:28:08.0625 3152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:28:08.0656 3152 Srv - ok

11:28:08.0687 3152 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

11:28:08.0718 3152 SSDPSRV - ok

11:28:08.0750 3152 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

11:28:08.0812 3152 stisvc - ok

11:28:08.0828 3152 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:28:08.0890 3152 streamip - ok

11:28:08.0906 3152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:28:08.0968 3152 swenum - ok

11:28:09.0015 3152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:28:09.0109 3152 swmidi - ok

11:28:09.0109 3152 SwPrv - ok

11:28:09.0109 3152 symc810 - ok

11:28:09.0125 3152 symc8xx - ok

11:28:09.0125 3152 sym_hi - ok

11:28:09.0125 3152 sym_u3 - ok

11:28:09.0156 3152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:28:09.0234 3152 sysaudio - ok

11:28:09.0265 3152 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

11:28:09.0343 3152 SysmonLog - ok

11:28:09.0375 3152 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

11:28:09.0437 3152 TapiSrv - ok

11:28:09.0468 3152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:28:09.0484 3152 Tcpip - ok

11:28:09.0531 3152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:28:09.0609 3152 TDPIPE - ok

11:28:09.0640 3152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:28:09.0703 3152 TDTCP - ok

11:28:09.0718 3152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:28:09.0781 3152 TermDD - ok

11:28:09.0812 3152 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

11:28:09.0875 3152 TermService - ok

11:28:09.0921 3152 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:28:09.0937 3152 Themes - ok

11:28:09.0937 3152 TosIde - ok

11:28:09.0968 3152 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

11:28:10.0062 3152 TrkWks - ok

11:28:10.0125 3152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:28:10.0187 3152 Udfs - ok

11:28:10.0312 3152 UleadBurningHelper (4bd2c322118a2470b450492a0c3302f9) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

11:28:10.0328 3152 UleadBurningHelper - ok

11:28:10.0328 3152 ultra - ok

11:28:10.0359 3152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:28:10.0437 3152 Update - ok

11:28:10.0468 3152 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

11:28:10.0515 3152 upnphost - ok

11:28:10.0531 3152 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

11:28:10.0609 3152 UPS - ok

11:28:10.0656 3152 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

11:28:10.0687 3152 USBAAPL - ok

11:28:10.0703 3152 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:28:10.0765 3152 usbaudio - ok

11:28:10.0781 3152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:28:10.0843 3152 usbccgp - ok

11:28:10.0875 3152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:28:10.0937 3152 usbehci - ok

11:28:10.0953 3152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:28:11.0015 3152 usbhub - ok

11:28:11.0046 3152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:28:11.0109 3152 usbprint - ok

11:28:11.0156 3152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:28:11.0218 3152 usbscan - ok

11:28:11.0265 3152 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:28:11.0328 3152 usbstor - ok

11:28:11.0359 3152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:28:11.0406 3152 usbuhci - ok

11:28:11.0453 3152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:28:11.0531 3152 VgaSave - ok

11:28:11.0531 3152 ViaIde - ok

11:28:11.0578 3152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:28:11.0640 3152 VolSnap - ok

11:28:11.0671 3152 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

11:28:11.0703 3152 VSS - ok

11:28:11.0750 3152 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

11:28:11.0828 3152 W32Time - ok

11:28:11.0843 3152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:28:11.0906 3152 Wanarp - ok

11:28:11.0906 3152 WDICA - ok

11:28:11.0968 3152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:28:12.0031 3152 wdmaud - ok

11:28:12.0062 3152 WDMTVTuner (acdda1bc088c7bae5bf311a11be12fa8) C:\WINDOWS\system32\drivers\WDMTuner.sys

11:28:12.0062 3152 WDMTVTuner ( UnsignedFile.Multi.Generic ) - warning

11:28:12.0062 3152 WDMTVTuner - detected UnsignedFile.Multi.Generic (1)

11:28:12.0093 3152 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

11:28:12.0156 3152 WebClient - ok

11:28:12.0203 3152 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

11:28:12.0234 3152 winachsf - ok

11:28:12.0312 3152 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

11:28:12.0375 3152 winmgmt - ok

11:28:12.0453 3152 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll

11:28:12.0500 3152 WmdmPmSN - ok

11:28:12.0546 3152 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

11:28:12.0609 3152 WmiApSrv - ok

11:28:12.0750 3152 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe

11:28:12.0796 3152 WMPNetworkSvc - ok

11:28:12.0812 3152 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

11:28:12.0843 3152 WpdUsb - ok

11:28:12.0875 3152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:28:12.0953 3152 WS2IFSL - ok

11:28:13.0015 3152 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

11:28:13.0078 3152 wscsvc - ok

11:28:13.0125 3152 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:28:13.0218 3152 WSTCODEC - ok

11:28:13.0281 3152 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

11:28:13.0343 3152 wuauserv - ok

11:28:13.0406 3152 WudfPf (e910aa1a26463c0efb8c182fc42f069e) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:28:13.0406 3152 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: e910aa1a26463c0efb8c182fc42f069e, Fake md5: df0592a7d6bd4d88ee9ae63ef14e3996

11:28:13.0406 3152 WudfPf ( ForgedFile.Multi.Generic ) - warning

11:28:13.0406 3152 WudfPf - detected ForgedFile.Multi.Generic (1)

11:28:13.0421 3152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:28:13.0437 3152 WudfRd - ok

11:28:13.0468 3152 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

11:28:13.0484 3152 WudfSvc - ok

11:28:13.0515 3152 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

11:28:13.0625 3152 WZCSVC - ok

11:28:13.0656 3152 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

11:28:13.0718 3152 xmlprov - ok

11:28:13.0734 3152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

11:28:13.0937 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:28:13.0937 3152 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:28:13.0953 3152 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk5\DR14

11:28:14.0046 3152 \Device\Harddisk5\DR14 - ok

11:28:14.0046 3152 Boot (0x1200) (f8ddaa7f43eda69e8f6171629e741b10) \Device\Harddisk0\DR0\Partition0

11:28:14.0046 3152 \Device\Harddisk0\DR0\Partition0 - ok

11:28:14.0078 3152 Boot (0x1200) (04c48804aeab47f659b38d13ba274602) \Device\Harddisk0\DR0\Partition1

11:28:14.0078 3152 \Device\Harddisk0\DR0\Partition1 - ok

11:28:14.0078 3152 Boot (0x1200) (cfd659e6bab5bafe933850252ab82765) \Device\Harddisk5\DR14\Partition0

11:28:14.0078 3152 \Device\Harddisk5\DR14\Partition0 - ok

11:28:14.0078 3152 ============================================================

11:28:14.0078 3152 Scan finished

11:28:14.0078 3152 ============================================================

11:28:14.0187 2140 Detected object count: 9

11:28:14.0187 2140 Actual detected object count: 9

11:30:45.0890 2140 C:\WINDOWS\system32\DRIVERS\3xHybrid.sys - copied to quarantine

11:30:45.0890 2140 HKLM\SYSTEM\ControlSet001\services\3xHybrid - will be deleted on reboot

11:30:45.0890 2140 HKLM\SYSTEM\ControlSet002\services\3xHybrid - will be deleted on reboot

11:30:45.0890 2140 HKLM\SYSTEM\ControlSet003\services\3xHybrid - will be deleted on reboot

11:30:45.0890 2140 C:\WINDOWS\system32\DRIVERS\3xHybrid.sys - will be deleted on reboot

11:30:45.0890 2140 3xHybrid ( UnsignedFile.Multi.Generic ) - User select action: Delete

11:30:46.0015 2140 C:\WINDOWS\system32\DRIVERS\SAA713x.sys - copied to quarantine

11:30:46.0015 2140 HKLM\SYSTEM\ControlSet001\services\713xTVCard - will be deleted on reboot

11:30:46.0015 2140 HKLM\SYSTEM\ControlSet002\services\713xTVCard - will be deleted on reboot

11:30:46.0015 2140 HKLM\SYSTEM\ControlSet003\services\713xTVCard - will be deleted on reboot

11:30:46.0015 2140 C:\WINDOWS\system32\DRIVERS\SAA713x.sys - will be deleted on reboot

11:30:46.0015 2140 713xTVCard ( UnsignedFile.Multi.Generic ) - User select action: Delete

11:30:46.0062 2140 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine

11:30:46.0062 2140 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813

11:30:46.0218 2140 Backup copy found, using it..

11:30:46.0234 2140 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot

11:30:47.0750 2140 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure

11:30:47.0890 2140 C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe - copied to quarantine

11:30:47.0890 2140 HKLM\SYSTEM\ControlSet001\services\IDriverT - will be deleted on reboot

11:30:47.0890 2140 HKLM\SYSTEM\ControlSet002\services\IDriverT - will be deleted on reboot

11:30:47.0890 2140 HKLM\SYSTEM\ControlSet003\services\IDriverT - will be deleted on reboot

11:30:47.0890 2140 C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe - will be deleted on reboot

11:30:47.0890 2140 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Delete

11:30:47.0953 2140 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe - copied to quarantine

11:30:47.0953 2140 HKLM\SYSTEM\ControlSet001\services\LinksysUpdater - will be deleted on reboot

11:30:47.0953 2140 HKLM\SYSTEM\ControlSet002\services\LinksysUpdater - will be deleted on reboot

11:30:47.0953 2140 HKLM\SYSTEM\ControlSet003\services\LinksysUpdater - will be deleted on reboot

11:30:47.0953 2140 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe - will be deleted on reboot

11:30:47.0953 2140 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Delete

11:30:48.0046 2140 C:\WINDOWS\system32\drivers\pfc.sys - copied to quarantine

11:30:48.0046 2140 HKLM\SYSTEM\ControlSet001\services\pfc - will be deleted on reboot

11:30:48.0046 2140 HKLM\SYSTEM\ControlSet002\services\pfc - will be deleted on reboot

11:30:48.0046 2140 HKLM\SYSTEM\ControlSet003\services\pfc - will be deleted on reboot

11:30:48.0046 2140 C:\WINDOWS\system32\drivers\pfc.sys - will be deleted on reboot

11:30:48.0046 2140 pfc ( UnsignedFile.Multi.Generic ) - User select action: Delete

11:30:48.0093 2140 C:\WINDOWS\system32\drivers\WDMTuner.sys - copied to quarantine

11:30:48.0093 2140 HKLM\SYSTEM\ControlSet001\services\WDMTVTuner - will be deleted on reboot

11:30:48.0093 2140 HKLM\SYSTEM\ControlSet002\services\WDMTVTuner - will be deleted on reboot

11:30:48.0093 2140 HKLM\SYSTEM\ControlSet003\services\WDMTVTuner - will be deleted on reboot

11:30:48.0093 2140 C:\WINDOWS\system32\drivers\WDMTuner.sys - will be deleted on reboot

11:30:48.0093 2140 WDMTVTuner ( UnsignedFile.Multi.Generic ) - User select action: Delete

11:30:48.0171 2140 C:\WINDOWS\system32\DRIVERS\WudfPf.sys - copied to quarantine

11:30:48.0171 2140 HKLM\SYSTEM\ControlSet001\services\WudfPf - will be deleted on reboot

11:30:48.0171 2140 HKLM\SYSTEM\ControlSet002\services\WudfPf - will be deleted on reboot

11:30:48.0171 2140 HKLM\SYSTEM\ControlSet003\services\WudfPf - will be deleted on reboot

11:30:48.0171 2140 C:\WINDOWS\system32\DRIVERS\WudfPf.sys - will be deleted on reboot

11:30:48.0171 2140 WudfPf ( ForgedFile.Multi.Generic ) - User select action: Delete

11:30:48.0218 2140 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

11:30:48.0218 2140 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

11:30:48.0265 2140 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

11:30:48.0281 2140 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine

11:30:48.0281 2140 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine

11:30:48.0281 2140 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine

11:30:48.0281 2140 \Device\Harddisk0\DR0\TDLFS - deleted

11:30:48.0281 2140 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

11:30:57.0718 1708 Deinitialize success

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

ComboFix 12-03-22.01 - Chris 03/25/2012 12:03:11.13.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2676 [GMT -4:00]

Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))

.

.

2012-03-25 15:30 . 2012-03-25 15:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-25 00:04 . 2008-04-14 04:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-03-24 21:53 . 2012-03-24 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-24 21:53 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 14:15 . 2012-03-23 14:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2012-03-21 00:36 . 2012-03-21 00:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-03-21 00:28 . 2012-03-21 00:28 -------- d-----w- c:\documents and settings\Chris\Application Data\U3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-25 15:31 . 2008-04-14 04:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-03-25_13.58.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-25 15:32 . 2012-03-25 15:32 16384 c:\windows\temp\Perflib_Perfdata_61c.dat

+ 2004-08-12 14:03 . 2012-03-25 15:36 68834 c:\windows\system32\perfc009.dat

- 2004-08-12 14:03 . 2012-03-13 17:20 68834 c:\windows\system32\perfc009.dat

+ 2004-08-12 14:03 . 2012-03-25 15:36 436064 c:\windows\system32\perfh009.dat

- 2004-08-12 14:03 . 2012-03-13 17:20 436064 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-11-18 155648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-12 50688]

InterVideo WinCinema Manager.lnk - c:\program files\Common Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-5-10 151552]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scheduler for OEM.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scheduler for OEM.lnk

backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-03-28 20:48 622592 ----a-r- c:\program files\Brother\Brmfcmon\brmfcwnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-04-10 19:58 61440 ----a-w- c:\program files\Brother\ControlCenter3\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Chris\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\Apps\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"36831:TCP"= 36831:TCP:Bittorrent

"36831:UDP"= 36831:UDP:Bittorrent

.

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 10:47 AM 14088]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 01193201

*NewlyCreated* - 55571608

*Deregistered* - 01193201

*Deregistered* - 55571608

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vaiomediaplatform-integratedserver-upnp

a016bus

nvmd

SQLAgent$MICROSOFTBCM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: + Offline &Explorer: Download the link - file://c:\documents and settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\documents and settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_AllO.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: llbean.com

FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - user.js: general.useragent.extra.brc -

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-01193201.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-25 12:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E2E5262-99BE-253B-781A-A90C2CA29200}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2012-03-25 12:13:23

ComboFix-quarantined-files.txt 2012-03-25 16:13

ComboFix2.txt 2012-03-25 14:05

ComboFix3.txt 2010-06-19 12:06

ComboFix4.txt 2010-06-18 21:23

ComboFix5.txt 2012-03-25 16:02

.

Pre-Run: 461,377,753,088 bytes free

Post-Run: 461,428,969,472 bytes free

.

- - End Of File - - C07EAE2B9618A83D25B0E795D0AC1237

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\AskBarDis

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36831:TCP"=-
"36831:UDP"=-

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1

FireFox::
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

ComboFix 12-03-22.01 - Chris 03/25/2012 13:06:27.14.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2600 [GMT -4:00]

Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini

c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt

c:\program files\AskBarDis

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\program files\AskBarDis\bar\bin\askPopStp.dll

c:\program files\AskBarDis\bar\bin\psvince.dll

c:\program files\AskBarDis\bar\Cache\033DA98E.bin

c:\program files\AskBarDis\bar\Cache\033DAF98.bin

c:\program files\AskBarDis\bar\Cache\033DC16B.bin

c:\program files\AskBarDis\bar\Cache\033DC90C.bin

c:\program files\AskBarDis\bar\Cache\033DCFF2.bin

c:\program files\AskBarDis\bar\Cache\125B4435.bin

c:\program files\AskBarDis\bar\Cache\125B44E0.bin

c:\program files\AskBarDis\bar\Cache\125B454E.bin

c:\program files\AskBarDis\bar\Cache\125B45BB.bin

c:\program files\AskBarDis\bar\Cache\125B4629.bin

c:\program files\AskBarDis\bar\Cache\125B4686.bin

c:\program files\AskBarDis\bar\Cache\files.ini

c:\program files\AskBarDis\bar\History\search

c:\program files\AskBarDis\bar\Settings\prevcfg.htm

c:\program files\AskBarDis\PopSwatter\History\allowed

c:\program files\AskBarDis\PopSwatter\History\notallow

c:\program files\AskBarDis\unins000.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))

.

.

2012-03-25 15:30 . 2012-03-25 15:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-25 00:04 . 2008-04-14 04:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-03-24 21:53 . 2012-03-24 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-24 21:53 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 14:15 . 2012-03-23 14:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2012-03-21 00:36 . 2012-03-21 00:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-03-21 00:28 . 2012-03-21 00:28 -------- d-----w- c:\documents and settings\Chris\Application Data\U3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-25 15:31 . 2008-04-14 04:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-03-25_13.58.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-25 15:32 . 2012-03-25 15:32 16384 c:\windows\temp\Perflib_Perfdata_61c.dat

+ 2004-08-12 14:03 . 2012-03-25 15:36 68834 c:\windows\system32\perfc009.dat

- 2004-08-12 14:03 . 2012-03-13 17:20 68834 c:\windows\system32\perfc009.dat

+ 2004-08-12 14:03 . 2012-03-25 15:36 436064 c:\windows\system32\perfh009.dat

- 2004-08-12 14:03 . 2012-03-13 17:20 436064 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-11-18 155648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-12 50688]

InterVideo WinCinema Manager.lnk - c:\program files\Common Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-5-10 151552]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scheduler for OEM.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scheduler for OEM.lnk

backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-03-28 20:48 622592 ----a-r- c:\program files\Brother\Brmfcmon\brmfcwnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-04-10 19:58 61440 ----a-w- c:\program files\Brother\ControlCenter3\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Chris\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\Apps\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 10:47 AM 14088]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 01193201

*NewlyCreated* - 55571608

*Deregistered* - 01193201

*Deregistered* - 55571608

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vaiomediaplatform-integratedserver-upnp

a016bus

nvmd

SQLAgent$MICROSOFTBCM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: + Offline &Explorer: Download the link - file://c:\documents and settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\documents and settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_AllO.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: llbean.com

FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: general.useragent.extra.brc -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-25 13:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E2E5262-99BE-253B-781A-A90C2CA29200}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2012-03-25 13:11:59

ComboFix-quarantined-files.txt 2012-03-25 17:11

ComboFix2.txt 2012-03-25 16:13

ComboFix3.txt 2012-03-25 14:05

ComboFix4.txt 2010-06-19 12:06

ComboFix5.txt 2012-03-25 17:05

.

Pre-Run: 461,445,844,992 bytes free

Post-Run: 461,426,782,208 bytes free

.

- - End Of File - - 50D00020C125BD04E4EFF457E55C3EEF

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e291dd68e12a034688c4230813be804d

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-03-25 07:30:43

# local_time=2012-03-25 03:30:43 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=128806

# found=133

# cleaned=133

# scan_time=2663

C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\0\43296140-6703670d a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-66366d53 a variant of Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\36\5f7fa64-3894c878 a variant of Java/Exploit.CVE-2011-3544.S trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\53\148d9175-287ddff8 a variant of Win32/Kryptik.YUV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\lnkmst.exe Win32/KeyLogger.Refog.615 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\Mpk.dll a variant of Win32/Monitor.MIPKOEmployeeMonitor.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\MPK.exe a variant of Win32/KeyLogger.Refog.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\MPKView.exe a variant of Win32/KeyLogger.Refog.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\42cb71c0-45357f5d a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\750b9981-6d1054e2 Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\11\32e91cb-33990630 a variant of Win32/Kryptik.YWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\f9046cc-11c8b182 a variant of Win32/Kryptik.YGP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\4f644652-76cac87c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\5f65a812-786887b3 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\72176c93-3792f53f Java/Exploit.CVE-2011-3544.Y trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\3117ad42-4c327935 probably a variant of Win32/TrojanDownloader.Agent.YSESGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\3aa4da42-779b3410 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\619fd554-3e40bccd a variant of Win32/Kryptik.ACDA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\1dccba96-6cc80d60 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\305fa216-450afec4 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\30f23856-53b09990 a variant of Java/Exploit.CVE-2011-3544.Q trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-641faf3f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\24\5af05e58-1cb6d95b probably a variant of Win32/TrojanDownloader.Agent.YSESGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\21fbfb19-7216f3e7 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\62516759-36b14bb9 a variant of Java/Exploit.CVE-2011-3544.AX trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\44bde69a-2f69e8be a variant of Win32/Kryptik.YGY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\227948db-655cba06 a variant of Win32/Kryptik.YXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\4b57c39b-6da6123e a variant of Win32/Kryptik.YMK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\28\6aff9edc-7064d3a4 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-78acbbb5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\2be4045d-6636abdb a variant of Win32/Kryptik.YXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\45bc5fdd-21c05461 a variant of Win32/Kryptik.YZG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\3b6b9743-1a6464c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\670971c3-5afd52fa a variant of Win32/Kryptik.ACLH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\163c099f-7f4d3d4e a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\196b589f-288d6632 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\66992461-25ea4f31 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\7f4bc8a1-2c1c78de multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-57ad8ee4 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\4eb96ee2-1c54d88b a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\5e2bd0e2-4b4d8dd0 a variant of Win32/Kryptik.YDP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\2091f363-664bd030 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\26ebc223-44cdba87 Win32/TrojanDownloader.Zurgop.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\209f30a4-581f1bb5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\40ecb367-16a11a85 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\764ce04-73b8c6c8 a variant of Win32/Kryptik.YCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\52ecebe9-73cabb4f probably a variant of Win32/TrojanDownloader.Agent.YSESGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\42\2d4937ea-57e047e6 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-37c8b1f9 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\1c905ad-3c9cc715 a variant of Java/Exploit.CVE-2011-3544.Q trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\70e9b06d-7849bd7f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-65cf71ff a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\3d099aae-1175c6bd a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-48e4ee5b a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\2f8cb32f-738429e6 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\6269146f-1dabc975 a variant of Win32/Kryptik.ABHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\49\31c2ccb1-5e896f23 a variant of Win32/Kryptik.YWV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\37619df2-754fbd93 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\2bc3f6b3-790300de a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\33ce1c73-3b200732 a variant of Win32/Kryptik.YLL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\66fed433-60768764 a variant of Win32/Kryptik.YLA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\58007f34-2a64dfd8 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\671b4075-329bb982 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\6e5d04f5-5b8e6612 a variant of Win32/Kryptik.YBA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\40dcf279-3ed8d398 a variant of Win32/Kryptik.YEZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\5ec9a79-2fdca396 a variant of Win32/Kryptik.YMK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\38ec98ba-3321c652 a variant of Win32/Kryptik.YRJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\7f53cd3b-2cc84bb6 Java/Exploit.CVE-2011-3544.AX trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\3a0450c6-4680d366 a variant of Java/Exploit.CVE-2011-3544.Q trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\60\34e94e7c-47b32c92 a variant of Win32/Kryptik.YCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\60\3d2866fc-2419b41b a variant of Java/Exploit.CVE-2011-3544.BA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\6163393d-4df3df27 a variant of Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\6995a2fd-685a364d a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\62\40a0837e-76886c91 a variant of Win32/Kryptik.ZFQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\63\40b3013f-6a6ac177 Java/Exploit.Blacole.AN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\8\39f00088-27b28158 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\61dde289-417ef1be a variant of Java/Exploit.Blacole.AK trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-17717a5f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\nvax.dll.vir probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP501\A0109962.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP501\A0109985.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP501\A0110001.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP504\A0110053.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP505\A0111053.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP508\A0111091.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP509\A0111117.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP509\A0112117.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP512\A0112167.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113167.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113179.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113193.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113201.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113254.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113270.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113280.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0114280.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115280.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115289.exe a variant of Win32/Kryptik.YUV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115291.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115301.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115317.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115358.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115369.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115377.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115385.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115393.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115401.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115415.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115426.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115440.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115449.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116449.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116459.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116467.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116491.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116498.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116523.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116554.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116564.exe a variant of Win32/Kryptik.ABNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116565.exe a variant of Win32/Kryptik.YUV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116575.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116586.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116598.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116979.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116991.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0117184.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118184.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118329.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118364.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118381.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\25.03.2012_11.26.55\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\25.03.2012_11.26.55\tdlfs0000\tsk0004.dta Win32/Olmarik.XU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

OTL logfile created on: 3/26/2012 6:25:24 AM - Run 11

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Chris\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.76% Memory free

5.08 Gb Paging File | 4.37 Gb Available in Paging File | 86.03% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 586.36 Gb Total Space | 433.25 Gb Free Space | 73.89% Space Free | Partition Type: NTFS

Drive H: | 9.77 Gb Total Space | 4.74 Gb Free Space | 48.54% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)

PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

PRC - C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - C:\WINDOWS\system32\qdvd.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()

MOD - C:\WINDOWS\system32\pdf995mon.dll ()

MOD - C:\WINDOWS\system32\qcap.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (sonypvs1) -- system32\DRIVERS\sonypvs1.sys File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\DOCUME~1\Chris\LOCALS~1\Temp\catchme.sys File not found

DRV - (BrScnUsb) -- system32\DRIVERS\BrScnUsb.sys File not found

DRV - (ASPI32) -- File not found

DRV - (Aldebaran) -- C:\WINDOWS\system32\Drivers\Aldebaran.sys File not found

DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)

DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)

DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandy-chromesbox-en-us&tb_uuid=20110711011543390&tb_oid=11-07-2011&tb_mrud=11-07-2011

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS_en

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {83FEA686-C28B-437B-B276-01A4D5FB1548}:1.9.1

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{83FEA686-C28B-437B-B276-01A4D5FB1548}: C:\Documents and Settings\Chris\Local Settings\Application Data\{83FEA686-C28B-437B-B276-01A4D5FB1548}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6B166C6F-8C27-4926-9B7A-7EBEF389EEDC}: C:\Documents and Settings\Steven2\Local Settings\Application Data\{6B166C6F-8C27-4926-9B7A-7EBEF389EEDC}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DD94804E-2795-4898-BDE2-3D8D50C9735F}: C:\Documents and Settings\Brian\Local Settings\Application Data\{DD94804E-2795-4898-BDE2-3D8D50C9735F}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/13 05:50:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/13 05:50:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 20:18:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 07:59:43 | 000,000,000 | ---D | M]

[2009/04/11 20:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions

[2009/04/11 20:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2012/03/25 13:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions

[2010/04/29 21:04:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/27 08:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}

[2010/04/27 08:30:19 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}

[2010/05/06 20:26:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/01/29 12:07:46 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/04/29 21:04:37 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\facepad@lazyrussian.com

[2010/12/15 16:12:32 | 000,000,923 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml

[2010/10/26 20:10:51 | 000,002,232 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\rapidpedia.xml

[2012/01/10 08:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/26 19:21:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/07/20 22:34:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65YUMN1J.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\LOCAL SETTINGS\APPLICATION DATA\{83FEA686-C28B-437B-B276-01A4D5FB1548}

[2011/05/13 05:50:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO

[2011/05/13 05:50:32 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

[2010/04/03 14:31:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/07/13 20:45:13 | 001,152,488 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll

========== Chrome ==========

O1 HOSTS File: ([2012/03/25 13:08:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()

O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\Common Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Documents and Settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_UrlO.htm ()

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Documents and Settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_AllO.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..Trusted Domains: llbean.com ([]* in Trusted sites)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237904923229 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://portal.llbean.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7AD30D5-826C-4BD6-8322-3AB9ACAE503F}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/11/12 23:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 06:24:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe

[2012/03/25 21:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\FT Video

[2012/03/25 21:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Video Save

[2012/03/25 18:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/03/25 14:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/03/25 13:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/03/25 11:59:43 | 004,443,082 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe

[2012/03/25 11:30:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/03/25 11:26:17 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe

[2012/03/24 20:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/03/24 18:28:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr

[2012/03/24 17:53:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/24 09:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Activision Value

[2012/03/24 09:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX

[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories

[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeductionPro 2009

[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel Photo Center

[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Content Transfer

[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother

[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2010

[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2009

[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games

[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Video Converter

[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eDATA Unerase

[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVR 3

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hulu Downloader

[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\honestech

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 9.0

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXresizer

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCFriendly

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

[2012/03/24 09:54:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy

[2012/03/24 09:54:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux

[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide

[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\virtualStudio

[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Triscape

[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WorldWinner Games

[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0

[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TaxCut 2008

[2012/03/20 20:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\U3

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 06:26:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/03/26 06:24:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe

[2012/03/26 06:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/26 06:20:39 | 000,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/25 21:49:35 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/25 21:49:35 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/25 21:48:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/03/25 21:34:59 | 000,144,384 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/25 18:13:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/03/25 18:12:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/25 13:08:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/03/25 11:59:56 | 004,443,082 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe

[2012/03/25 11:24:44 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe

[2012/03/24 17:53:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/23 10:07:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr

[2012/03/15 10:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/02/27 07:43:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 18:17:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/03/25 18:13:14 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/03/25 18:12:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/03/25 14:41:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/03/25 14:41:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/03/24 20:16:33 | 000,001,946 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

[2012/03/24 20:16:33 | 000,001,618 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[2012/03/24 17:53:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/24 09:57:07 | 000,001,602 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/03/24 09:57:07 | 000,001,542 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/03/24 09:56:29 | 000,001,620 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/03/24 09:56:29 | 000,000,800 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/03/24 09:56:29 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2012/03/24 09:56:29 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/03/24 09:54:26 | 000,002,347 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/03/24 09:54:26 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2012/03/24 09:54:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2012/03/24 09:54:26 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/03/24 09:54:26 | 000,000,740 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk

[2012/03/24 09:54:26 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2012/01/10 09:35:37 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr

[2012/01/10 09:35:36 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD

[2012/01/10 09:35:31 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD

[2011/12/23 14:01:28 | 000,012,570 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k

[2011/11/15 12:05:27 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw54.bin

[2011/08/10 06:13:31 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/05/22 12:50:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\_isenv31.ini

[2011/05/22 12:50:52 | 000,000,436 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2011/05/22 12:50:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011/05/10 08:16:02 | 000,352,256 | R--- | C] () -- C:\WINDOWS\713xRMTMon.exe

[2011/04/23 23:09:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cfetihir.dat

[2011/04/23 23:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ktoqujolijefedaw.bin

[2010/12/14 23:12:05 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2010/10/02 12:51:48 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\tc7.exe

[2010/07/26 06:14:10 | 000,203,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/17 05:49:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/17 05:49:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/17 05:49:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/17 05:49:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/17 05:49:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/04/20 13:39:21 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Icons

[2010/04/20 13:39:21 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Chris\Application Data\Hybrid Basic

[2010/04/20 13:39:21 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT

[2010/04/20 13:39:21 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Instrument Library

[2010/04/20 13:38:02 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Chris\Application Data\Horn Section

[2010/04/20 13:38:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2010/04/13 13:00:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2010/04/13 13:00:09 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2010/04/13 13:00:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/04/13 12:13:18 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

========== LOP Check ==========

[2008/11/13 16:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2010/03/27 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/05/12 14:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon

[2011/07/24 10:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2010/04/20 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2011/05/10 08:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo

[2008/11/13 00:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2009/01/09 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys

[2011/04/12 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2008/11/15 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/01/19 13:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2011/01/18 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut

[2009/02/19 21:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2010/04/20 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2008/12/18 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2008/11/13 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/02/23 16:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer

[2011/07/16 10:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner

[2010/05/04 23:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/11 23:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/27 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ACAPsoft

[2011/07/24 10:00:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Ashampoo

[2011/04/24 09:04:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\avidemux

[2010/12/13 21:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus

[2011/05/13 06:16:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\DDMSettings

[2011/07/24 09:47:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft

[2010/12/14 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ElevatedDiagnostics

[2008/12/19 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FinalBurner Video DVD

[2011/04/13 22:21:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\FreeAudioPack

[2011/01/16 00:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FreeBurner

[2011/06/29 21:23:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\FreeVideoConverter

[2011/07/17 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FxFotoDB

[2011/08/23 06:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Juniper Networks

[2010/11/28 13:31:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech

[2010/05/05 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Moyea

[2008/11/16 21:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller

[2008/11/16 20:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Musicmatch

[2011/10/22 10:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Offline Explorer

[2010/05/06 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Orbit

[2010/01/05 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC-FAX TX

[2010/04/13 13:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\pdf995

[2009/02/17 13:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ScanSoft

[2010/11/28 23:03:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Seagate

[2009/04/27 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sinner

[2011/04/12 19:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TaxCut

[2008/12/31 07:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ulead Systems

[2011/07/26 09:53:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent

[2011/04/24 22:12:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Xilisoft Corporation

[2011/06/27 01:11:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\DDMSettings

[2009/04/04 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\Leadertech

[2011/07/10 21:15:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\OpenCandy

[2008/11/17 08:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\ScanSoft

[2011/06/13 17:59:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\Seagate

[2009/01/25 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\Ulead Systems

[2011/01/31 01:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Seagate

[2010/11/28 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate

[2012/03/26 06:26:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

****************************************************************************************************************

No "Extras.Txt" window was opened.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
    FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    [2010/12/15 16:12:32 | 000,000,923 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65YUMN1J.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    [2012/01/10 09:35:37 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr
    [2012/01/10 09:35:36 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD
    [2012/01/10 09:35:31 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD
    [2011/12/23 14:01:28 | 000,012,570 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
    [2010/10/02 12:51:48 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\tc7.exe
    [2008/11/13 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/12/13 21:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
    [2011/07/26 09:53:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites
cwjme

cwjme

Posted
  • Author
Posted

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems

C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml moved successfully.

C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr moved successfully.

C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD moved successfully.

C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD moved successfully.

C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k moved successfully.

C:\Documents and Settings\Chris\Application Data\tc7.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\torrents folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\tmp folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\subs folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\shares folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\rss folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\plugins\mlab folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\plugins\hvi folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\plugins folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\net folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\logs\save folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\logs folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\dht folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\devices folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus\active folder moved successfully.

C:\Documents and Settings\Chris\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\Chris\Application Data\uTorrent\dlimagecache folder moved successfully.

C:\Documents and Settings\Chris\Application Data\uTorrent\apps folder moved successfully.

C:\Documents and Settings\Chris\Application Data\uTorrent folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Brian Johnson

User: Chris

->Temp folder emptied: 672846 bytes

->Temporary Internet Files folder emptied: 181769516 bytes

->Java cache emptied: 232993 bytes

->FireFox cache emptied: 107050907 bytes

->Google Chrome cache emptied: 8035756 bytes

->Flash cache emptied: 74055 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Eileen

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 21708 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 289866 bytes

->Flash cache emptied: 226064 bytes

User: Steven2

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2402044 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 71478794 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 29548276 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 383.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 03262012_174656

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_414.dat moved successfully.

File\Folder C:\WINDOWS\temp\TMP00000001B32C2CE35FB53C4E not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.