"Object name";"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVP"
"Detection name";"Found Adware.Generic"
"Object type";"registry key"
"SDK Type";"Core"
"Result";"Potentially dangerous object"
"Action history";"Moved to Virus vault"
When I googled the object name above it came back as Virus:Win32p/Sapaq.A, but not much info on how to remove it successfully.
I had another malware “Antivirus soft” about a week ago that was detected and removed by superantispyware, and this was when I first noticed problems of running slow and locking up, but its gotten worse. Upon recommendation, I uninstalled superantispyware and installed Malwarebytes instead. It runs fine and doesn't detect anything.
PC was hanging on normal boot - i ran chkdsk and it seemed to fix temporarily so I can sometimes boot normal, although when I go in safe mode it still hangs at crcdisk.sys for quite a while before it proceeds to login page.
Any help greatly appreciated.
I have run DDS & GMER (attached) as instructed in sticky.
Here's DDS
----------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mark at 21:22:03.78 on Sun 04/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3023.1784 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\naa8ptap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=60459&p=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\naa8ptap.default\extensions\{a0729639-d831-46c9-811b-9b0aa79fb45a}\components\FFExternalAlert.dll
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\naa8ptap.default\extensions\{a0729639-d831-46c9-811b-9b0aa79fb45a}\components\RadioWMPCore.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\mark\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-4-9 40560]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-11 162640]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2009-5-29 95592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-11 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-11 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-11 40384]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-11 40384]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-6-26 12840]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-26 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-5-14 224384]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-14 112128]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-7-22 23096]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2010-3-14 3272048]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
=============== Created Last 30 ================
2010-04-12 04:19:29 0 ----a-w- c:\users\mark\defogger_reenable
2010-04-12 00:58:20 0 d-----w- c:\programdata\IObit
2010-04-12 00:58:16 0 d-----w- c:\program files\IObit
2010-04-11 21:53:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-11 21:52:22 0 d-----w- c:\programdata\Alwil Software
2010-04-10 21:06:52 0 d-----w- c:\program files\Western Digital
2010-04-10 21:00:54 0 d-----w- C:\archive_db
2010-04-10 20:40:49 0 d-----w- c:\programdata\Paragon
2010-04-10 06:34:54 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-04-10 06:32:43 0 d-----w- c:\program files\Paragon Software
2010-04-09 23:16:46 0 d-----w- c:\programdata\Kaspersky Lab
2010-04-09 20:32:35 0 d-----w- c:\program files\TrendMicro
2010-04-09 08:01:00 6144 ------w- c:\windows\system32\26D2.tmp
2010-04-09 08:00:48 6144 ------w- c:\windows\system32\F9D8.tmp
2010-04-09 08:00:23 0 d-----w- c:\program files\Sophos
2010-04-09 07:57:45 0 d-----w- c:\users\mark\appdata\roaming\Malwarebytes
2010-04-09 07:57:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 07:57:31 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 07:57:31 0 d-----w- c:\programdata\Malwarebytes
2010-04-09 07:57:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 03:26:59 0 d-----w- c:\programdata\PC Suite
2010-04-06 03:26:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-06 03:21:57 0 d-----w- c:\programdata\Nokia
2010-04-06 03:14:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-06 03:13:24 0 d-----w- c:\program files\PC Connectivity Solution
2010-04-06 03:09:01 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-04-06 03:08:04 0 d-----w- c:\program files\Nokia
2010-04-06 03:08:04 0 d-----w- c:\program files\common files\Nokia
2010-04-06 03:00:07 0 d-----w- c:\programdata\Installations
2010-04-03 23:30:06 0 d-----w- c:\program files\Orb Networks
2010-03-31 13:57:01 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 13:56:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-29 19:02:18 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-29 19:01:52 0 d-----w- c:\users\mark\appdata\roaming\SUPERAntiSpyware.com
2010-03-29 19:01:52 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-24 10:55:17 0 d-----w- c:\programdata\Gosu
2010-03-22 21:25:18 1716297 ----a-w- c:\windows\system32\InetClnt.dll
2010-03-16 02:44:14 0 d-----w- c:\program files\New Plugins
2010-03-16 02:33:33 0 d-----w- c:\users\mark\Swarmcast
2010-03-16 00:48:14 0 d-----w- c:\programdata\McAfee
2010-03-16 00:09:10 0 d-----w- c:\program files\common files\ffdshowEx
2010-03-16 00:09:06 0 d-----w- c:\program files\common files\TV-Websites
2010-03-16 00:09:05 0 d-----w- c:\program files\MediaMall
2010-03-16 00:08:50 0 d-----w- c:\programdata\MediaMall
==================== Find3M ====================
2010-04-12 04:16:26 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-12 04:16:26 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-12 04:16:26 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-22 21:25:16 52424 ----a-w- c:\windows\fonts\QT2M_P.TTF
2010-03-22 21:25:16 35632 ----a-w- c:\windows\fonts\QT2_I.TTF
2010-03-22 21:25:16 35064 ----a-w- c:\windows\fonts\QT2C_P.TTF
2010-03-22 21:25:16 32764 ----a-w- c:\windows\fonts\QT2C_B.TTF
2010-03-22 21:25:16 32012 ----a-w- c:\windows\fonts\QT2C_I.TTF
2010-03-22 21:25:16 31276 ----a-w- c:\windows\fonts\QT2_B.TTF
2010-03-22 21:25:16 30892 ----a-w- c:\windows\fonts\QT2_P.TTF
2010-03-22 21:25:16 28532 ----a-w- c:\windows\fonts\OCRA2_P.TTF
2010-03-22 21:25:16 24612 ----a-w- c:\windows\fonts\OCRBMT.TTF
2010-03-22 21:25:16 20900 ----a-w- c:\windows\fonts\QT2PI_P.TTF
2010-02-24 20:11:40 23920 ----a-w- c:\windows\system32\drivers\povrtdev.sys
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-15 19:21:28 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-01-15 19:21:18 249872 ----a-w- c:\windows\system32\prgiso.dll
2009-11-18 10:21:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 21:22:56.03 ===============