
Infected with a mass-mail virus (don't know name)


20 replies to this topic

#1 Zak McKracken


Posted 18 August 2010 - 12:13 PM

I have been infected with a virus that is spamming emails.
I realized that when my internet connection suddenly hiccuped.

I can see many connections on port 25, and a few connections on port 443.

What I have done for the moment:
- discovered an open connection to server 77.67.10.x on port 443
- added a rule in Windows Firewall to block IP 77.67.10.0/24
- discovered some other connections to servers, with other IPs, and very many connections on port 25
- added a rule to block every connection on port 25


Now my computer is "usable" but the virus is still in. If I remove the above rules on the firewall, spam starts again.

Can you please help me find & destroy this virus?

Thanks in advance.


The DDS and GMER logs, and other required attachments, follow:


DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 23:47:52,08 on 17/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3582.2462 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\BlueTooth\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\FreePOPs\freepopsservice.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\DLULMeterFree\UKDUMFree.exe
C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Download\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [TelekomatXP] c:\program files\dlulmeterfree\UKDUMFree.exe
uRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [TurboV EVO] "c:\program files\asus\turbov evo\TurboV_EVO.exe" -b
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [UsbBoost] c:\program files\usbboost\TurboHddUsb.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\babylon.lnk - c:\programmi\babylon\babylon-pro\Babylon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averhi~1.lnk - c:\program files\common files\avermedia\averquick\AVerHIDReceiver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Translate with &Babylon - /Translate.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763713796
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {28B45408-2D45-42DD-B1FC-31B7DDCCB7B7} = 208.67.222.222,208.67.220.220
TCP: 77C616E6D21607 = 208.67.222.222,208.67.220.220
TCP: {E7FEB51A-11ED-4A45-A92D-69A89F18CA62} = 208.67.220.220,208.67.222.222
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\default.9um\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\picasa\npPicasa3.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\user\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\default.9um\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programdata\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programdata\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programdata\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-28 11608]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2010-6-2 30656]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-4-15 7936]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-28 185089]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-10-15 90112]
R2 AVerRemote;AVerRemote;c:\program files\common files\avermedia\service\AVerRemote.exe [2009-10-29 344064]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-28 56816]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-7-17 319488]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\drivers\eugssxp.sys [2010-6-2 68040]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-27 47640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-6-22 1334784]
R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [2009-6-10 1169920]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-12-12 16472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-12 257568]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-15 1067008]
S2 AVerScheduleService;AVerScheduleService;c:\program files\common files\avermedia\service\AVerScheduleService.exe [2009-10-29 389120]
S2 gupdate1c98d604e5770e0;Servizio di Google Update (gupdate1c98d604e5770e0);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\agux86.sys [2008-8-6 905728]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-10-21 1238272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DPNQ;DPNQ;c:\users\user\appdata\local\temp\DPNQ.exe [2010-8-15 433024]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2005-7-26 43968]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-4-15 23680]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\drivers\WUSB300Nx86.sys [2007-3-13 312320]
S3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-6-30 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-6-30 1097096]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2005-6-20 215040]
S3 UOGTPET;UOGTPET;c:\users\user\appdata\local\temp\UOGTPET.exe [2010-8-15 519040]
S3 vpcuxd;Servizio stub virtualizzazione USB;c:\windows\system32\drivers\vpcuxd.sys [2009-10-22 12800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-13 1343400]
S4 MySQL5;MySQL5;"c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql5 --> c:\program files\mysql\mysql server 5.0\bin\mysqld-nt [?]

=============== Created Last 30 ================

2010-08-14 23:00:55 0 d-----w- c:\program files\Sophos
2010-08-14 22:55:21 0 d-----w- c:\programdata\Downloaded Installations
2010-08-14 22:21:00 0 ----a-w- c:\windows\system32\FSCL
2010-08-14 21:37:41 64 ----a-w- c:\windows\system32\-1
2010-08-14 21:30:12 0 d-----w- c:\programdata\SecTaskMan
2010-08-14 21:30:09 0 d-----w- c:\program files\Security Task Manager
2010-08-14 21:28:33 0 d-----w- c:\program files\Wireshark
2010-08-14 21:00:58 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-14 21:00:49 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-14 14:29:13 118 ----a-w- c:\windows\system32\MRT.INI
2010-08-14 14:25:28 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 14:23:54 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 14:23:54 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 14:23:53 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 14:22:41 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 14:22:40 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 14:22:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-14 14:22:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 12:59:32 764416 ----a-w- c:\windows\system32\drivers\gnvkt.sys
2010-08-14 12:59:15 585504 ----a-w- c:\windows\system32\drivers\tbmym.sys
2010-08-14 12:58:58 16 ----a-w- c:\users\user\appdata\roaming\bawuho.dat
2010-08-13 17:32:25 0 d-----w- c:\windows\system32\Wat
2010-08-12 17:09:27 0 d-----w- c:\program files\common files\Akamai
2010-08-02 21:35:39 0 d-----w- c:\users\user\appdata\roaming\Samsung
2010-08-02 21:26:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-08-02 21:05:11 2097152 ----a-w- C:\P7P55D-ASUS-1702.ROM
2010-08-02 21:04:48 66952 ----a-w- C:\BUPDATER.EXE
2010-08-02 21:04:05 0 d-----w- c:\users\user\appdata\roaming\DNA
2010-08-02 21:04:05 0 d-----w- c:\program files\DNA
2010-07-31 13:24:11 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-07-31 13:23:55 0 d-----w- c:\program files\DWD
2010-07-28 15:52:10 0 d-----w- c:\programdata\LogMeIn
2010-07-28 15:51:57 0 d-----w- c:\program files\LogMeIn
2010-07-27 19:14:01 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-07-22 16:59:42 33556 ----a-w- c:\windows\system32\netathuw.inf
2010-07-22 16:59:42 26 ----a-r- c:\windows\system32\netathuw.cat
2010-07-22 16:59:42 26 ----a-r- c:\windows\system32\athurext.cat
2010-07-22 16:59:42 1668352 ----a-w- c:\windows\system32\athuw.sys
2010-07-22 16:59:42 15451 ----a-w- c:\windows\system32\netathur.inf
2010-07-22 16:59:41 1334784 ----a-w- c:\windows\system32\athur.sys
2010-07-22 16:58:38 0 d-----w- c:\programdata\Atheros
2010-07-22 16:51:18 65536 --sha-w- c:\users\user\ntuser.dat{9c86f0f2-95b0-11df-9bbc-90e6ba15597f}.TM.blf
2010-07-22 16:51:18 524288 --sha-w- c:\users\user\ntuser.dat{9c86f0f2-95b0-11df-9bbc-90e6ba15597f}.TMContainer00000000000000000002.regtrans-ms
2010-07-22 16:51:18 524288 --sha-w- c:\users\user\ntuser.dat{9c86f0f2-95b0-11df-9bbc-90e6ba15597f}.TMContainer00000000000000000001.regtrans-ms
2010-07-22 16:31:42 65536 --sha-w- c:\users\user\ntuser.dat{238abf93-95a8-11df-a2f8-90e6ba15597f}.TM.blf
2010-07-22 16:31:42 524288 --sha-w- c:\users\user\ntuser.dat{238abf93-95a8-11df-a2f8-90e6ba15597f}.TMContainer00000000000000000002.regtrans-ms
2010-07-22 16:31:42 524288 --sha-w- c:\users\user\ntuser.dat{238abf93-95a8-11df-a2f8-90e6ba15597f}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-08-17 16:41:39 691004 ----a-w- c:\windows\system32\perfh010.dat
2010-08-17 16:41:39 125044 ----a-w- c:\windows\system32\perfc010.dat
2010-08-13 17:32:41 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-13 17:32:41 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-13 17:32:41 13824 ----a-w- c:\windows\system32\slwga.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-25 17:07:40 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07:24 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07:14 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-25 17:03:12 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-09 16:58:12 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 14:06:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 14:06:30 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-02 14:06:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 08:21:00 37534 ------w- c:\windows\inf\perflib\0410\perfd.dat
2009-07-14 08:21:00 37534 ------w- c:\windows\inf\perflib\0410\perfc.dat
2009-07-14 08:21:00 335478 ------w- c:\windows\inf\perflib\0410\perfi.dat
2009-07-14 08:21:00 335478 ------w- c:\windows\inf\perflib\0410\perfh.dat
2009-07-14 04:41:57 174 --sh--w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ------w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ------w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ------w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ------w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-23 22:44:15 217073 --sh--r- c:\windows\meta4.exe
2009-06-10 21:26:35 9633792 --sh--r- c:\windows\fonts\StaticCache.dat
2005-06-26 13:32:28 616448 --sh--r- c:\windows\system32\cygwin1.dll
2005-06-21 20:37:42 45568 --sh--r- c:\windows\system32\cygz.dll
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-24 22:00:00 70656 --sh--r- c:\windows\system32\i420vfw.dll
2006-07-30 21:14:28 11894 --sh--w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2005-02-28 11:16:22 240128 --sh--r- c:\windows\system32\x.264.exe
2009-10-31 12:48:30 32768 --sh--w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009103120091101\index.dat
2009-07-14 01:14:45 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:48:37,88 ===============
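
The triage described in the post above (many connections on port 25, plus a connection on 443 to a range that was then blocked) can be scripted. This is an added example, not part of the original post: it parses `netstat -ano` output and flags PIDs that speak SMTP to several distinct hosts or reach a watched network. The sample output, the threshold and the watched range (a documentation prefix standing in for the range the poster blocked) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed `netstat -ano -p TCP` output (documentation addresses, not data from the post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49201     198.51.100.7:25        ESTABLISHED     3344
  TCP    192.168.1.10:49202     198.51.100.8:25        SYN_SENT        3344
  TCP    192.168.1.10:49203     192.0.2.21:25          ESTABLISHED     3344
  TCP    192.168.1.10:49204     192.0.2.40:25          SYN_SENT        3344
  TCP    192.168.1.10:49210     203.0.113.5:443        ESTABLISHED     3344
  TCP    192.168.1.10:49150     198.51.100.99:443      ESTABLISHED     2120
  TCP    192.168.1.10:49151     192.0.2.30:25          ESTABLISHED     1988
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# States that indicate this host has, or is attempting, a connection to a peer.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        remote, state, pid = fields[2], fields[3], fields[4]
        host, _, port = remote.rpartition(":")
        # IPv6 peers are printed as [addr%zone]:port.
        host = host.strip("[]").split("%")[0]
        if not port.isdigit() or not pid.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        yield ip, int(port), state, int(pid)


def triage(text, smtp_threshold=3, watched_nets=()):
    """Return {pid: {"smtp_peers": n, "watched": [(ip, port), ...]}}.

    A PID is reported when it has connections to at least `smtp_threshold`
    distinct hosts on port 25 (a mail client normally talks to one relay),
    or when it has any connection into one of `watched_nets`.
    """
    nets = [ipaddress.ip_network(n) for n in watched_nets]
    smtp_peers = defaultdict(set)
    watched = defaultdict(set)

    for ip, port, state, pid in parse_netstat(text):
        if state not in ACTIVE_STATES:
            continue
        if port == 25:
            smtp_peers[pid].add(ip)
        if any(ip in net for net in nets):
            watched[pid].add((str(ip), port))

    findings = {}
    for pid in sorted(set(smtp_peers) | set(watched)):
        peer_count = len(smtp_peers.get(pid, ()))
        hits = sorted(watched.get(pid, ()))
        if peer_count >= smtp_threshold or hits:
            findings[pid] = {"smtp_peers": peer_count, "watched": hits}
    return findings


if __name__ == "__main__":
    # 203.0.113.0/24 is a placeholder for the network under suspicion.
    for pid, info in triage(SAMPLE_NETSTAT, watched_nets=["203.0.113.0/24"]).items():
        print(pid, info)
```

On a live machine, feed it the output of `netstat -ano -p TCP` and map a flagged PID to its image name with `tasklist /FI "PID eq <pid>"`.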



#2 myrti


Posted 26 August 2010 - 02:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 Zak McKracken

Posted 26 August 2010 - 11:42 AM

Hi myrti,

thank you for your interest.

Since the date of my first post, I haven't installed any programs on my PC, nor started any cleaning programs.

I can see virus activity, because it is reading something from the disk, but for now it can do no damage because of the rules in the Windows Firewall (block connections from/to IP address 77.67.10.x and block outgoing connections on port 25).

My fear is that I may have some sort of program that can give remote access to someone; I think the attacker is behind IP 77.67.10.x

The OTL.TXT and EXTRA.TXT logs follow:

OTL logfile created on: 26/08/2010 17:50:06 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Download
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 260,31 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAKPCNEW
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/26 17:46:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Download\OTL.exe
PRC - [2010/07/26 00:20:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\firefox.exe
PRC - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\ramaint.exe
PRC - [2010/06/02 16:06:16 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programmi\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/15 23:36:03 | 003,788,800 | ---- | M] (FNet Co., Ltd.) -- C:\Programmi\UsbBoost\TurboHddUsb.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programmi\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeIn.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/09 12:11:20 | 000,389,120 | ---- | M] () -- C:\Programmi\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009/08/20 20:31:56 | 007,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programmi\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/29 12:09:38 | 003,551,456 | ---- | M] (Babylon Ltd.) -- C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programmi\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/24 08:19:18 | 001,474,560 | R--- | M] (VIA) -- C:\Programmi\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/21 15:34:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/06/19 18:31:39 | 000,651,264 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programmi\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009/05/13 17:48:26 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/08 20:49:30 | 000,344,064 | ---- | M] (AVerMedia) -- C:\Programmi\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2009/03/02 14:08:52 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/27 16:18:20 | 000,049,152 | ---- | M] () -- C:\Programmi\FreePOPs\freepopsd.exe
PRC - [2008/12/27 16:18:20 | 000,027,648 | ---- | M] () -- C:\Programmi\FreePOPs\freepopsservice.exe
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programmi\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/18 08:05:32 | 000,189,056 | ---- | M] (Genie-soft) -- C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe
PRC - [2008/06/11 19:34:02 | 000,159,744 | ---- | M] () -- C:\Programmi\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programmi\BlueTooth\BTNtService.exe
PRC - [2004/01/16 00:12:58 | 000,653,312 | ---- | M] (UtilKit Inc) -- C:\Programmi\DLULMeterFree\UKDUMFree.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
PRC - [1999/08/04 00:00:00 | 000,122,944 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Money\System\Money Express.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 17:46:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Download\OTL.exe
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/25 23:48:04 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Programmi\Common Files\Akamai\rswin_3745.dll -- (Akamai)
SRV - [2010/08/15 00:20:11 | 000,519,040 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\UOGTPET.exe -- (UOGTPET)
SRV - [2010/08/15 00:18:59 | 000,433,024 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\DPNQ.exe -- (DPNQ)
SRV - [2010/08/13 19:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programmi\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 21:37:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/12/30 17:27:07 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/10/09 12:11:20 | 000,389,120 | ---- | M] () [Auto | Running] -- C:\Programmi\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009/08/24 18:48:44 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programmi\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/21 15:34:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/13 17:48:26 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2009/04/08 20:49:30 | 000,344,064 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Programmi\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programmi\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/27 16:18:20 | 000,027,648 | ---- | M] () [Auto | Running] -- C:\Programmi\FreePOPs\freepopsservice.exe -- (FreePOPs)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programmi\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/18 17:57:54 | 005,750,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL5)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programmi\BlueTooth\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [1998/10/18 08:50:00 | 001,350,144 | ---- | M] (InterBase Software Corp.) [On_Demand | Stopped] -- C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe -- (InterBaseServer)
SRV - [1998/10/18 08:50:00 | 000,022,528 | ---- | M] (InterBase Software Corp.) [On_Demand | Stopped] -- C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe -- (InterBaseGuardian)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/04/15 23:36:04 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2010/04/15 23:36:03 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/29 02:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programmi\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/01/12 07:37:32 | 000,257,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/10 21:32:39 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/28 03:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programmi\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/23 03:18:07 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009/07/18 07:18:44 | 000,093,096 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/07/16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (VWiFiFlt)
DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Driver audio USB (WDM)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/10 05:04:42 | 001,067,008 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/08 10:39:12 | 001,334,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/06/10 11:26:24 | 001,169,920 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA706.sys -- (AVerA706)
DRV - [2009/05/11 11:12:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 11:33:11 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 13:35:09 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/28 19:01:20 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2008/08/27 10:28:48 | 001,238,272 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2008/08/06 18:09:32 | 000,905,728 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agux86.sys -- (A5AGU)
DRV - [2007/12/17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/05/09 15:00:40 | 000,068,040 | ---- | M] (Eutronsec) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eugssxp.sys -- (eugss)
DRV - [2007/03/13 22:46:00 | 000,312,320 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB300Nx86.sys -- (MRV6X32U) Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x)
DRV - [2006/12/13 11:10:18 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2005/07/26 14:42:00 | 000,043,968 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eusk3usb.sys -- (eusk3usb)
DRV - [2005/06/20 10:12:00 | 000,215,040 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)
DRV - [2005/03/25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 BE 73 E0 34 5B CA 01 [binary data]
IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 19:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010/07/31 15:32:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010/07/31 15:32:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/08 13:32:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/07/25 19:04:25 | 000,000,000 | ---D | M]

[2009/10/26 22:45:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/08/25 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions
[2009/10/26 22:45:59 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/18 18:59:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/26 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\chenyanxu8821@163.com
[2010/04/17 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\firegestures@xuldev.org
[2010/07/30 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com
[2009/10/26 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\temp
[2009/10/28 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\default.9um\extensions\TFToolbarX@torrent-finder

O1 HOSTS File: ([2010/08/14 23:00:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UsbBoost] C:\Programmi\UsbBoost\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000..\Run: [GBMLite8AgentLaCie] C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000..\Run: [TelekomatXP] C:\Programmi\DLULMeterFree\UKDUMFree.exe (UtilKit Inc)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Babylon.lnk = C:\Programmi\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} http://www.crs.regione.lombardia.it/compon...itCittadino.cab (Posto di Lavoro del Cittadino - Attestazione)
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} http://www.crs.regione.lombardia.it/compon...xCertUpdate.cab (Posto di Lavoro del Cittadino - Autenticazione utente)
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} http://www.crs.regione.lombardia.it/compon.../OcxCrsInfo.cab (Posto di Lavoro del Cittadino - Interprete dati)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/binary/MJSS.cab69309.cab ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1120763713796 (WUWebControl Class)
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} http://supportsiss.lispa.it/components/pdlc.cab (Postazione di Lavoro del Cittadino 3.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Programmi\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GBMLite8AgentLaCie - hkey= - key= - C:\Programmi\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig - StartUpReg: SoundMax - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendering grafica vettoriale (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Binding dati Dynamic HTML per Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Creazione avanzata
ActiveX: {43895475-D949-30FF-E9B2-8D3C61ABEBAA} - Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classi Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6b0d63a7-bf2d-45df-877b-b22d4c0eddbd} - KB887797
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7F78F8E3-5CF7-A709-9A78-B45BAF4CC137} - Microsoft Windows Media Player 12.0
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Provider fax
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Utilità di pianificazione
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {D9547CA8-2F88-0B1C-25A7-E0D84D7E9F25} - Rendering grafica vettoriale (VML)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F321D281-E9F5-A2A2-BA90-86C00384A572} - Adobe Shockwave Director 11.0.3
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\Windows\System32\jpegcode.dll ()
Drivers32: vidc.KAVC - C:\Windows\System32\kavcodec.dll ()
Drivers32: VIDC.MP42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.pDAD - C:\Windows\System32\prodad-codec.dll (proDAD GmbH)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/18 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Info Virus
[2010/08/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Programmi\Sophos
[2010/08/15 00:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2010/08/14 23:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/08/14 23:30:09 | 000,000,000 | ---D | C] -- C:\Programmi\Security Task Manager
[2010/08/14 23:28:33 | 000,000,000 | ---D | C] -- C:\Programmi\Wireshark
[2010/08/14 23:00:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/14 23:00:49 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/08/14 22:59:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/08/14 22:50:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/14 16:24:52 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/14 16:24:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/14 16:24:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/14 16:24:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/14 16:24:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/14 16:24:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/14 16:24:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/14 16:24:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/14 16:24:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/14 16:24:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/14 16:22:41 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/14 16:22:40 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/14 16:22:36 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/14 16:22:36 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 19:32:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/08/12 19:09:27 | 000,000,000 | ---D | C] -- C:\Programmi\Common Files\Akamai
[2010/08/02 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Samsung
[2010/08/02 23:04:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DNA
[2010/08/02 23:04:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DNA
[2010/08/02 23:04:05 | 000,000,000 | ---D | C] -- C:\Programmi\DNA
[2010/07/31 15:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2010/07/31 15:23:55 | 000,000,000 | ---D | C] -- C:\Programmi\DWD
[2010/07/28 17:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/07/28 17:51:57 | 000,000,000 | ---D | C] -- C:\Programmi\LogMeIn
[2010/07/27 21:14:01 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2007/11/25 12:50:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys
[2004/05/19 00:06:50 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\psxpadff.dll
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/26 17:52:54 | 023,592,960 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/08/26 17:52:44 | 000,764,416 | ---- | M] () -- C:\Windows\System32\drivers\gnvkt.sys
[2010/08/26 17:52:44 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\tbmym.sys
[2010/08/26 17:48:32 | 002,854,912 | ---- | M] () -- C:\Users\User\Documents\File personale.mny
[2010/08/26 17:22:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000UA.job
[2010/08/26 17:05:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/26 13:59:10 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/26 13:48:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:22:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000Core.job
[2010/08/24 00:22:20 | 000,002,283 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010/08/23 21:12:59 | 001,516,744 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/23 21:12:59 | 000,691,004 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/08/23 21:12:59 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/23 21:12:59 | 000,125,044 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/08/23 21:12:59 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/23 00:09:43 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/08/22 23:59:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/22 23:59:29 | 2817,040,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/22 14:03:45 | 000,029,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/22 14:03:45 | 000,029,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/22 14:03:29 | 003,959,655 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/08/18 13:16:57 | 714,523,656 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/17 23:36:48 | 000,023,040 | ---- | M] () -- C:\Users\User\Documents\marfin.xls
[2010/08/15 00:21:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\FSCL
[2010/08/14 23:37:41 | 000,000,064 | ---- | M] () -- C:\Windows\System32\-1
[2010/08/14 23:00:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/14 23:00:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/14 16:56:09 | 002,977,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/14 16:29:13 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/08/14 14:58:59 | 000,000,016 | ---- | M] () -- C:\Users\User\AppData\Roaming\bawuho.dat
[2010/08/13 19:32:41 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/08/13 19:32:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/08/02 23:26:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/07/29 08:30:49 | 000,197,632 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/07/29 00:40:11 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/07/28 17:52:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 00:55:21 | 000,035,348 | ---- | C] () -- C:\ProgramData\NAB_Install.log
[2010/08/15 00:21:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\FSCL
[2010/08/14 23:37:41 | 000,000,064 | ---- | C] () -- C:\Windows\System32\-1
[2010/08/14 16:29:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/14 14:59:32 | 000,764,416 | ---- | C] () -- C:\Windows\System32\drivers\gnvkt.sys
[2010/08/14 14:59:15 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\tbmym.sys
[2010/08/14 14:58:58 | 000,000,016 | ---- | C] () -- C:\Users\User\AppData\Roaming\bawuho.dat
[2010/08/02 23:26:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/08/02 23:05:11 | 002,097,152 | ---- | C] () -- C:\P7P55D-ASUS-1702.ROM
[2010/08/02 23:04:48 | 000,066,952 | ---- | C] () -- C:\BUPDATER.EXE
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/17 23:52:08 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\AVSDVDPlayer.m3u
[2010/03/26 22:03:52 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/03/25 23:03:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/03/25 23:03:51 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/25 23:03:51 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/25 23:03:49 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/25 23:03:49 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/28 15:53:26 | 000,001,074 | ---- | C] () -- C:\ProgramData\ss.ini
[2009/10/31 15:08:36 | 000,002,568 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 15:08:36 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0CD47D6331.sys
[2009/10/29 20:45:42 | 000,598,016 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009/10/29 20:45:42 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009/10/29 20:45:42 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009/10/29 20:45:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009/10/29 20:45:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009/10/29 20:45:42 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009/10/29 20:45:42 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009/10/29 20:45:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009/10/29 20:45:42 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009/10/29 20:00:44 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/10/28 23:31:59 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/10/28 23:31:59 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/10/28 22:11:54 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2009/10/25 09:48:35 | 000,007,607 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2009/10/21 14:03:46 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2009/10/15 17:57:37 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009/10/15 17:57:37 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/10/15 17:57:33 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/10/15 17:57:33 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/10/15 17:52:21 | 000,031,600 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/10/15 17:52:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/10/15 17:51:52 | 000,021,944 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/16 05:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/04 19:17:15 | 000,063,273 | ---- | C] () -- C:\Users\User\AppData\Roaming\mdbu.bin
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/12/27 16:18:20 | 000,005,120 | ---- | C] () -- C:\Windows\System32\lwel-manifest.dll
[2008/11/24 19:39:13 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usbr38.dll
[2008/08/09 16:12:28 | 000,000,121 | ---- | C] () -- C:\Windows\ClonyDrives.ini
[2008/08/09 16:09:53 | 000,000,284 | ---- | C] () -- C:\Windows\Clony2.ini
[2008/07/28 15:30:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/07/28 15:30:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/07/28 15:30:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tmpPrst.dll
[2008/06/30 22:21:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ArmAccess.dll
[2008/06/22 13:56:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/06/03 23:36:09 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2008/06/03 23:36:07 | 000,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2008/05/15 10:10:22 | 000,000,244 | ---- | C] () -- C:\Windows\System32\SSLEmptyCache.ini
[2008/04/19 23:54:07 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008/02/24 00:49:13 | 000,000,200 | ---- | C] () -- C:\Windows\CDMaster.ini
[2007/11/25 12:50:10 | 000,000,055 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.log
[2007/11/25 12:50:09 | 000,007,887 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat
[2007/11/25 12:50:09 | 000,001,144 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf
[2007/07/26 11:18:20 | 000,000,137 | ---- | C] () -- C:\Windows\PPTonTV.INI
[2007/07/19 11:04:44 | 000,139,264 | ---- | C] () -- C:\Windows\System32\kavcodec.dll
[2007/06/30 14:03:03 | 000,000,084 | ---- | C] () -- C:\Windows\encore_launcher.ini
[2007/05/12 12:24:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2006/12/13 00:34:10 | 000,002,925 | ---- | C] () -- C:\Windows\OkyFlyPC.INI
[2006/10/29 23:15:33 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2006/10/05 19:07:36 | 000,000,860 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2006/09/09 09:57:19 | 000,006,308 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/08/04 14:22:31 | 000,002,048 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2006/08/03 22:01:15 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2006/08/02 18:19:59 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2006/07/08 14:28:47 | 000,010,628 | R--- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/06/16 18:41:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\ClearLogonCredentials.dll
[2006/06/02 15:16:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini
[2006/02/25 01:25:15 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2006/01/08 14:52:48 | 000,000,713 | ---- | C] () -- C:\Windows\scummvm.ini
[2005/12/22 20:23:08 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2005/10/24 21:32:42 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2005/10/24 21:32:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2005/10/12 15:32:10 | 000,511,488 | ---- | C] () -- C:\Windows\System32\pwmdtl40.dll
[2005/10/12 15:32:10 | 000,182,784 | ---- | C] () -- C:\Windows\System32\DGVorbis.dll
[2005/10/12 15:32:10 | 000,118,784 | ---- | C] () -- C:\Windows\System32\Mp3dec.dll
[2005/10/12 15:32:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\cwsmaf40.dll
[2005/10/12 15:32:10 | 000,077,824 | ---- | C] () -- C:\Windows\System32\cwpwmd10.dll
[2005/10/12 15:32:09 | 000,049,152 | ---- | C] () -- C:\Windows\System32\MP3enc.dll
[2005/09/29 19:14:29 | 000,000,000 | ---- | C] () -- C:\Windows\ATIMMC.INI
[2005/08/03 10:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpda32e.dll
[2005/07/14 12:31:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2005/06/21 22:37:42 | 000,045,568 | RHS- | C] () -- C:\Windows\System32\cygz.dll
[2005/06/18 20:31:52 | 000,000,170 | ---- | C] () -- C:\Windows\icecast2.ini
[2005/04/18 20:16:25 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI
[2005/04/18 20:04:50 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2005/04/18 20:02:25 | 000,001,026 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2005/04/18 20:02:25 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2004/10/31 20:29:57 | 000,011,894 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2004/10/23 21:55:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cdTextCtl.dll
[2004/10/16 09:36:42 | 000,005,626 | ---- | C] () -- C:\Windows\cdplayer.ini
[2004/05/05 19:04:11 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ntpadcpl.dll
[2004/03/17 21:07:40 | 000,000,250 | ---- | C] () -- C:\Windows\Vstudio.INI
[2004/03/17 20:48:03 | 000,001,397 | ---- | C] () -- C:\Windows\Ulead32.ini
[2004/03/17 20:48:03 | 000,000,117 | ---- | C] () -- C:\Windows\Dswplug.ini
[2004/03/17 20:48:03 | 000,000,061 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2004/03/17 20:06:20 | 000,000,018 | ---- | C] () -- C:\Windows\Progs_.ini
[2004/03/05 18:09:15 | 000,000,420 | ---- | C] () -- C:\Windows\SIERRA.INI
[2004/02/05 20:17:05 | 000,011,907 | ---- | C] () -- C:\Windows\System32\ftpctrs.ini
[2004/02/05 20:17:00 | 000,014,796 | ---- | C] () -- C:\Windows\System32\axperf.ini
[2004/01/24 12:08:58 | 000,000,073 | ---- | C] () -- C:\Windows\interbas.ini
[2004/01/14 21:10:00 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2003/12/24 15:14:47 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2003/12/24 14:27:35 | 000,178,688 | ---- | C] () -- C:\Windows\System32\D5uninst.dll
[2003/12/24 14:27:35 | 000,036,864 | ---- | C] () -- C:\Windows\System32\IDUNINST.DLL
[2003/12/20 14:54:19 | 000,000,030 | ---- | C] () -- C:\Windows\mtwm2.ini
[2003/12/20 14:47:27 | 000,102,912 | ---- | C] () -- C:\Windows\System32\jpegpriv.dll
[2003/12/20 14:47:27 | 000,102,912 | ---- | C] () -- C:\Windows\System32\jpegcode.dll
[2003/12/20 14:47:27 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ACHw32.dll
[2003/12/20 14:47:27 | 000,000,701 | ---- | C] () -- C:\Windows\ACVfw.ini
[2003/12/20 00:44:03 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2003/12/20 00:20:37 | 000,000,204 | ---- | C] () -- C:\Windows\COOLCD1.ini
[2003/12/19 19:52:06 | 000,001,110 | ---- | C] () -- C:\Windows\winamp.ini
[2003/12/19 19:44:39 | 000,174,080 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/07/06 15:30:02 | 000,003,267 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI
[1999/07/17 02:02:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\wh2robo.dll
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/11/19 20:02:52 | 000,066,952 | ---- | M] () -- C:\BUPDATER.EXE


< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2001/08/31 13:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\Windows\System32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2001/08/17 22:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\Windows\System32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2004/08/20 00:39:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\Windows\System32\eventlog.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 20:46:13 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=0908290F2D809BAB461E6AE8740B4EF9 -- C:\Windows\SoftwareDistribution\Download\d225a76dd07ee1f0aafc7cd2b5a463bb\sp2qfe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\erdnt\cache\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/08/26 18:01:31 | 000,764,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\gnvkt.sys
[2010/08/26 18:01:36 | 000,585,504 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\tbmym.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/26 18:01:37 | 000,764,416 | ---- | M] () -- C:\Windows\System32\drivers\gnvkt.sys
[2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2010/06/22 04:47:35 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/22 04:47:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/22 04:47:13 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/08/26 18:01:36 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\tbmym.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 617 bytes -> C:\Users\User\Documents\mail pierpa.eml:OECustomProperty
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 26/08/2010 17:50:06 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Download
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 260,31 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAKPCNEW
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\ProgramData\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\MYPROGS\RemoteControl\RemoteControl.exe" = C:\MYPROGS\RemoteControl\RemoteControl.exe:*:Enabled:RemoteControl -- (Ben Ziegler)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BlueTooth\BlueSoleil.exe" = C:\Program Files\BlueTooth\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Laplink\PCmover\PCmover.exe" = C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- (Laplink Software Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft)
"C:\Windows\MsnLogs.exe" = C:\Windows\MsnLogs.exe:*:Enabled:MsnLogs -- File not found
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Assistenza remota - Windows Messenger e conversazione -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programma di trasferimento file (FTP) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0480B3ED-1849-4D55-A863-71211F3ECBF8}" = SeySo WinDirLister 2
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{158B0177-C091-4A90-BC1F-F24D54D9C866}" = PCmover Home
"{15DFEF96-08BD-4FEC-BBBC-C63A993FEE5D}" = Visual Install Pack
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AE60380-A2C0-11D5-80F5-00105A4B10E7}" = Williams Pinball Classics
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3093bdda-d898-45ac-a008-d76cdc86fd99}" = Blu-ray Disc Authoring Plug-in
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland ™
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34DB8A8D-73CD-11D6-BD16-0050BA11CC04}" = Wireless LAN Client Utility
"{350C97BE-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A0BAA62-FE2F-4C93-A10B-5E6DE3B424A5}" = BlueSoleil
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{608FFCC7-7237-47BB-ABD5-8341754A3BBA}" = MySQL Server 5.0
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{6fd420db-0e6b-4d13-bf48-ba3ec2fa4a24}" = Nero 9
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Client Installation Program
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR™: IL GIOCO
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85E0DA75-0795-4377-B079-CFB9F7C5691F}" = Phone Software Update - Windows Mobile
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8B5D3F44-8150-4471-B093-28BA8A7D67C8}" = Phone Software Update - Windows Mobile
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{B9896689-DF51-4A16-AAD5-002622D86C72}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0410-0000-0000000FF1CE}" = Componente aggiuntivo Microsoft Salvataggio in formato PDF o XPS per applicazioni di Microsoft Office 2007
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centro gestione dispositivi Windows Mobile
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{925D9613-EA6A-4DF0-9186-AD968159D1B1}" = Tony Hawk's American Wasteland 1.01 Patch
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9649C3CF-AC27-4A09-9F7F-A28FADBFDA2D}" = MySQL Connector/ODBC 3.51
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3.3 - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5AB5E57-0A9B-4C44-BB64-E2FA95423735}" = Eutron SmartKey SDK
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7B8B101-6620-43F6-8C2C-27030FD63820}" = EaseUs Disk Copy 1.0
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5017EB1-CA5F-441C-9634-C81AFE07B81E}" = Sayatoo KaraTitleMaker
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DB3ED071-8BE8-4E2D-BE04-993F1FDBDA35}" = Eutronsec SmartKey Drivers
"{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}" = Linksys Wireless-N USB Network Adapter WUSB300N
"{DCF60B7D-5830-4AF6-998F-1CD79E1A4BF6}" = Microsoft LifeCam
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Aggiornamento driver Centro gestione dispositivi Windows Mobile
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{f0caac36-2dc2-4c47-b7d3-692606801a56}" = Nero MediaHome 4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f1f80776-3c2e-49a7-8a9e-3d64652a5915}" = Nero Move it
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_ffcb3f2dd758cc9933975d08d2cd477" = Adobe Premiere Pro CS4
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare 2.55 Personal
"AgfaCam34" = AgfaCam Mounter CL34
"Akamai" = Akamai NetSession Interface
"ARWordReport 1.81_is1" = ARWordReport 1.81
"Astraware Zuma for Pocket PC" = Zuma for Pocket PC
"AVerMedia M135-Series PCI TV Tuner" = AVerMedia M135-Series PCI TV Tuner 3.6.0.6
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.6
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"Avi2Dvd" = Avi2Dvd 0.5
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"Babylon" = Babylon
"Bit4Id - CSP e PKCS#11 per la CRS Lombardia" = Bit4Id - CSP e PKCS#11 per la CRS Lombardia - 1.2.11
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.28
"Bubble Bobble World" = Bubble Bobble World
"Cartoon Xonix_is1" = Cartoon Xonix 1.0
"CCE SP Trial Version" = CCE SP Trial Version
"Chameleon Clock_is1" = Chameleon Clock 5.1
"Cinema Craft Encoder SP v2.67.00.27 RETAIL dONGLE cRACKED" = Cinema Craft Encoder SP v2.67.00.27 RETAIL dONGLE cRACKED
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"CRS Kit_is1" = CRS Kit 1.0
"CRS Manager_is1" = CRS Manager 1.1.4.0
"Delphi5" = Borland Delphi 5
"Derive 6 Trial Edition" = Derive 6 Trial Edition
"devkitProUpdater" = devkitProUpdater 1.5.0
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010)
"DVD-lab PRO 2.0_is1" = DVD-lab PRO 2.0
"Electric Eddie" = Electric Eddie 1.02
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Feelers" = Feelers
"Fireman's Adventures" = Fireman's Adventures 1.0
"FreePOPs" = NSIS FreePOPs (remove only)
"GEN_LYRICS_IE.DLL" = Winamp Lyrics (Explorer Version) v1.21
"Gnostice eDocEngine Professional (VCL)_is1" = Gnostice eDocEngine 2.11 Professional VCL
"Google Video Uploader" = Google Video Uploader
"Grafx2 Windows_is1" = Grafx2 Windows Version 0.96.5
"HandBrake" = HandBrake 0.9.3
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D5017EB1-CA5F-441C-9634-C81AFE07B81E}" = Sayatoo KaraTitleMaker
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InterBase" = InterBase
"IrfanView" = IrfanView (remove only)
"Jeanne D'Pac" = Jeanne D'Pac
"KAVC" = KaraTileMaker Avi Video Codec
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Lair of the Leviathan" = Tales of Monkey Island - Lair of the Leviathan
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"Lemmings Revolution" = Lemmings Revolution
"MadMagic_is1" = MadMagic
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MioFotografo.it MyComposer_is1" = MioFotografo.it MyComposer 5.0
"mIRC" = mIRC
"MortScript" = MortScript
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.44
"MSMONEYV80" = Microsoft Money 2000 Professional
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"NeoBall" = NeoBall
"NJStar Japanese Word Processor" = NJStar Japanese Word Processor
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Orbit_is1" = Orbit Downloader
"Phantasia" = Phantasia 1.0
"Phantasia 2" = Phantasia 2 1.02
"Picasa 3" = Picasa 3
"Pocket Informant" = Pocket Informant 8.02
"Pocket Simon" = Pocket Simon
"Quick Report 3.5.1 Standard for Delphi 6" = Quick Report 3.5.1 Standard for Delphi 6
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 1.7.5
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Rise of the Pirate God" = Tales of Monkey Island - Rise of the Pirate God
"Robbox_is1" = Robbox
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"ScummVM_is1" = ScummVM 0.8.0
"Security Task Manager" = Security Task Manager 1.7h
"SFTENCDD" = Sonic Foundry Soft Encode 1.0 - Dolby Digital 5.1
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Spb Diary" = Spb Diary
"Spb Imageer" = Spb Imageer
"Spyware Doctor" = Spyware Doctor 6.0
"ST5UNST #1" = Microsoft Speech SDK 4.0 ActiveX Components
"ST5UNST #2" = Chord Pro Manager
"StepMania" = StepMania (remove only)
"Styrateg" = Styrateg 1.09
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Super Cubes_is1" = Super Cubes 1.0
"Super DVD Creator_is1" = Super DVD Creator 8.5
"SurCode DVD-DTS" = SurCode DVD-DTS
"SyncBack_is1" = SyncBack
"SystemRequirementsLab" = System Requirements Lab
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.0
"TeeChart Standard 7.07 for Delphi 6" = TeeChart Standard 7.07 for Delphi 6
"The FilmMachine_is1" = The FilmMachine 1.6.1
"The Siege of Spinner Cay" = Tales of Monkey Island - The Siege of Spinner Cay
"The Trial and Execution of Guybrush Threepwood" = Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood
"Theme Park World" = Theme Park World
"Time Breaker" = Time Breaker
"Tony Tough and The Night of Roasted Moths" = Tony Tough and The Night of Roasted Moths
"Trick Ball" = Trick Ball 1.1.4
"Turtle Odyssey 2_is1" = Turtle Odyssey 2
"Turtle Odyssey_is1" = Turtle Odyssey
"USB/PS2 Vibration Pad" = USB/PS2 Vibration Pad
"UsbBoost" = UsbBoost
"Visionaire_is1" = Visionaire 2.8.2 Fullversion
"VLC media player" = VideoLAN VLC media player 0.8.1
"VMidi" = vanBasco's Karaoke Player
"Winamp" = Winamp
"Windows Media Player" = Windows Media Player 10
"Windows Mobile Device Handbook" = Documentazione del dispositivo Windows Mobile®
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinHex" = WinHex
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR gestione archivi
"WinUAE" = WinUAE 1.4.2
"WinZip" = WinZip
"Wireshark" = Wireshark 1.2.10
"Woaky e le Ombre del Fiume_is1" = Woaky e le ombre del fiume ver. 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zak and Jack in Showdown at Monstertown" = Zak and Jack in Showdown at Monstertown
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"ZakMcKracken - between time & space" = ZakMcKracken - between time & space Demo 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-237298051-2971886165-3222819484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"InAlbum" = InAlbum (remove only)
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/08/2010 14:10:19 | Computer Name = ZAKPCNEW | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 18/08/2010 14:10:29 | Computer Name = ZAKPCNEW | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: AVerScheduleService.exe,
versione: 1.0.0.32, timestamp: 0x4acea9d6 Nome del modulo che ha generato l'errore:
RPCRT4.dll, versione: 6.1.7600.16385, timestamp: 0x4a5bdade Codice eccezione: 0xc0000005
Offset
errore 0x000248e9 ID processo che ha generato l'errore: 0x768 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cb3f009b118053 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
Percorso
del modulo che ha generato l'errore: C:\Windows\system32\RPCRT4.dll ID segnalazione:
e1b6e468-aaf3-11df-bada-90e6ba15597f

Error - 19/08/2010 17:41:16 | Computer Name = ZAKPCNEW | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: plugin-container.exe,
versione: 1.9.2.3855, timestamp: 0x4c48d590 Nome del modulo che ha generato l'errore:
ntdll.dll, versione: 6.1.7600.16559, timestamp: 0x4ba9b21e Codice eccezione: 0xc0000005
Offset
errore 0x00046bf0 ID processo che ha generato l'errore: 0x17c4 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cb3fe507c31eb6 Percorso dell'applicazione che ha generato
l'errore: C:\ProgramData\Mozilla Firefox\plugin-container.exe Percorso del modulo
che ha generato l'errore: C:\Windows\SYSTEM32\ntdll.dll ID segnalazione: 7e0a4351-abda-11df-bada-90e6ba15597f

Error - 19/08/2010 17:46:19 | Computer Name = ZAKPCNEW | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: chrome.exe, versione:
0.0.0.0, timestamp: 0x4c5353e5 Nome del modulo che ha generato l'errore: unknown,
versione: 0.0.0.0, timestamp: 0x00000000 Codice eccezione: 0xc0000005 Offset errore
0x03728290 ID processo che ha generato l'errore: 0x16f0 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cb3fe791fab001 Percorso dell'applicazione che ha generato
l'errore: C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe Percorso
del modulo che ha generato l'errore: unknown ID segnalazione: 33163d03-abdb-11df-bada-90e6ba15597f

Error - 19/08/2010 17:48:55 | Computer Name = ZAKPCNEW | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: chrome.exe, versione:
0.0.0.0, timestamp: 0x4c5353e5 Nome del modulo che ha generato l'errore: unknown,
versione: 0.0.0.0, timestamp: 0x00000000 Codice eccezione: 0xc0000005 Offset errore
0x0537d958 ID processo che ha generato l'errore: 0x840 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cb3fe825a328ae Percorso dell'applicazione che ha generato
l'errore: C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe Percorso
del modulo che ha generato l'errore: unknown ID segnalazione: 900c71a9-abdb-11df-bada-90e6ba15597f

Error - 19/08/2010 17:50:29 | Computer Name = ZAKPCNEW | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: chrome.exe, versione:
0.0.0.0, timestamp: 0x4c5353e5 Nome del modulo che ha generato l'errore: unknown,
versione: 0.0.0.0, timestamp: 0x00000000 Codice eccezione: 0xc0000005 Offset errore
0x036f8058 ID processo che ha generato l'errore: 0x1018 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cb3fe85de56f52 Percorso dell'applicazione che ha generato
l'errore: C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe Percorso
del modulo che ha generato l'errore: unknown ID segnalazione: c836c323-abdb-11df-bada-90e6ba15597f

Error - 20/08/2010 12:26:32 | Computer Name = ZAKPCNEW | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: msnmsgr.exe, versione:
14.0.8089.726, timestamp: 0x4a6ce533 Nome del modulo che ha generato l'errore: unknown,
versione: 0.0.0.0, timestamp: 0x00000000 Codice eccezione: 0xc0000005 Offset errore
0x00000000 ID processo che ha generato l'errore: 0x1284 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cb40846913ba0c Percorso dell'applicazione che ha generato
l'errore: C:\Programmi\Windows Live\Messenger\msnmsgr.exe Percorso del modulo che
ha generato l'errore: unknown ID segnalazione: b0f47cab-ac77-11df-bada-90e6ba15597f

Error - 20/08/2010 13:16:47 | Computer Name = ZAKPCNEW | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\MySQL\MySQL Server 5.0\bin\MySQLInstanceConfig.exe". Errore nel file manifesto
o dei criteri "C:\Program Files\MySQL\MySQL Server 5.0\bin\MySQLInstanceConfig.exe",
riga 6. Il valore "asAdministrator" dell'attributo "level" nell'elemento "urn:schemas-microsoft-com:asm.v1^requestedPrivileges"
non è valido.

Error - 22/08/2010 05:27:00 | Computer Name = ZAKPCNEW | Source = Software Protection Platform Service | ID = 8193
Description = Errore di License Activation Scheduler (sppuinotify.dll). Codice di
errore: 0x80070005

Error - 22/08/2010 07:32:07 | Computer Name = ZAKPCNEW | Source = Software Protection Platform Service | ID = 8193
Description = Errore di License Activation Scheduler (sppuinotify.dll). Codice di
errore: 0x80070005

[ System Events ]
Error - 18/08/2010 14:10:29 | Computer Name = ZAKPCNEW | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio AVerScheduleService. Questo evento
si è già verificato 1 volta(e).

Error - 20/08/2010 07:27:22 | Computer Name = ZAKPCNEW | Source = DCOM | ID = 10001
Description =

Error - 22/08/2010 05:27:00 | Computer Name = ZAKPCNEW | Source = DCOM | ID = 10001
Description =

Error - 22/08/2010 05:36:44 | Computer Name = ZAKPCNEW | Source = DCOM | ID = 10001
Description =

Error - 22/08/2010 08:03:44 | Computer Name = ZAKPCNEW | Source = Service Control Manager | ID = 7016
Description = Il servizio NVIDIA Stereoscopic 3D Driver Service ha riportato lo
stato non valido corrente 0.

Error - 22/08/2010 17:59:41 | Computer Name = ZAKPCNEW | Source = Service Control Manager | ID = 7000
Description = Il servizio Sentinel non è stato avviato per il seguente errore: %%20

Error - 22/08/2010 17:59:57 | Computer Name = ZAKPCNEW | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio AVerScheduleService. Questo evento
si è già verificato 1 volta(e).

Error - 23/08/2010 12:37:04 | Computer Name = ZAKPCNEW | Source = DCOM | ID = 10001
Description =

Error - 25/08/2010 07:30:49 | Computer Name = ZAKPCNEW | Source = DCOM | ID = 10001
Description =

Error - 26/08/2010 07:58:34 | Computer Name = ZAKPCNEW | Source = DCOM | ID = 10001
Description =


< End of report >


#4 myrti


Posted 27 August 2010 - 01:59 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 Zak McKracken


Posted 27 August 2010 - 09:32 AM

Hello,

I ran ComboFix, here's the LOG:

ComboFix 10-08-26.04 - User 27/08/2010 13:38:08.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3582.2556 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%
c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2010-07-27 al 2010-08-27 )))))))))))))))))))))))))))))))))))
.

2010-08-27 11:45 . 2010-08-27 11:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-27 11:45 . 2010-08-27 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-14 23:00 . 2010-08-14 23:00 -------- d-----w- c:\program files\Sophos
2010-08-14 22:55 . 2010-08-14 22:55 -------- d-----w- c:\programdata\Downloaded Installations
2010-08-14 21:30 . 2010-08-14 21:36 -------- d-----w- c:\programdata\SecTaskMan
2010-08-14 21:30 . 2010-08-14 21:37 -------- d-----w- c:\program files\Security Task Manager
2010-08-14 21:28 . 2010-08-14 21:37 -------- d-----w- c:\program files\Wireshark
2010-08-14 20:59 . 2010-08-27 12:23 -------- d-----w- c:\users\User\AppData\Local\temp
2010-08-14 14:25 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 14:23 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 14:23 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 14:23 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 14:22 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 14:22 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 14:22 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 14:22 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-13 17:32 . 2010-08-13 17:32 -------- d-----w- c:\windows\system32\Wat
2010-08-12 17:09 . 2010-08-27 11:46 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-02 21:35 . 2010-08-02 21:35 -------- d-----w- c:\users\User\AppData\Roaming\Samsung
2010-08-02 21:04 . 2009-11-19 18:02 66952 ----a-w- C:\BUPDATER.EXE
2010-08-02 21:04 . 2010-08-14 18:45 -------- d-----w- c:\users\User\AppData\Roaming\DNA
2010-08-02 21:04 . 2010-08-14 16:45 -------- d-----w- c:\program files\DNA
2010-08-02 21:04 . 2010-08-02 21:04 -------- d-----w- c:\users\User\AppData\Local\DNA
2010-07-31 13:24 . 2010-07-31 13:24 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-07-31 13:23 . 2010-07-31 13:23 -------- d-----w- c:\program files\DWD
2010-07-28 15:52 . 2010-07-28 15:52 -------- d-----w- c:\programdata\LogMeIn
2010-07-28 15:51 . 2010-08-27 11:27 -------- d-----w- c:\program files\LogMeIn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 12:23 . 2009-10-26 19:02 -------- d-----w- c:\programdata\Babylon
2010-08-27 11:46 . 2009-10-15 16:07 -------- d-----w- c:\programdata\NVIDIA
2010-08-26 22:02 . 2009-10-26 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-25 19:50 . 2009-10-26 18:54 -------- d-----w- c:\program files\StepMania CVS
2010-08-23 19:12 . 2009-07-14 08:21 691004 ----a-w- c:\windows\system32\perfh010.dat
2010-08-23 19:12 . 2009-07-14 08:21 125044 ----a-w- c:\windows\system32\perfc010.dat
2010-08-17 11:15 . 2009-12-12 15:22 -------- d-----w- c:\program files\PeerBlock
2010-08-16 22:18 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-08-14 21:47 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\Wireshark
2010-08-14 21:37 . 2009-10-26 19:02 -------- d-----w- c:\program files\WinPcap
2010-08-14 16:47 . 2009-10-26 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-14 16:13 . 2009-10-26 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 14:39 . 2010-08-14 14:39 20992 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{584B078D-3C85-93E3-D10C-66D3978C5C37}-svchost.exe
2010-08-14 12:59 . 2010-01-24 18:00 -------- d-----w- c:\programdata\Mozilla Firefox
2010-08-14 12:58 . 2010-08-14 12:58 16 ----a-w- c:\users\User\AppData\Roaming\bawuho.dat
2010-08-13 17:32 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-13 17:32 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-13 17:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-12 17:16 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2010-08-10 11:20 . 2009-10-26 18:49 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 12:32 . 2010-06-13 21:30 2828 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-08-07 09:08 . 2009-10-26 19:00 -------- d-----w- c:\program files\SyncBack
2010-08-02 21:33 . 2009-10-15 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 21:26 . 2010-08-02 21:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-08-02 21:01 . 2009-10-26 20:45 -------- d-----w- c:\users\User\AppData\Roaming\Download Manager
2010-07-31 13:23 . 2009-10-26 18:53 -------- d-----w- c:\program files\Samsung
2010-07-28 22:40 . 2006-06-02 15:29 10 ----a-w- c:\windows\popcinfo.dat
2010-07-25 22:19 . 2010-01-24 18:00 23512 ----a-w- c:\programdata\Mozilla Firefox\components\browserdirprovider.dll
2010-07-25 22:19 . 2010-01-24 18:00 138712 ----a-w- c:\programdata\Mozilla Firefox\components\brwsrcmp.dll
2010-07-25 22:19 . 2010-01-24 18:00 17880 ----a-w- c:\programdata\Mozilla Firefox\AccessibleMarshal.dll
2010-07-23 07:51 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
2010-07-23 07:50 . 2009-10-26 18:53 -------- d-----w- c:\program files\Notepad++
2010-07-22 16:58 . 2010-07-22 16:58 -------- d-----w- c:\programdata\Atheros
2010-07-22 16:50 . 2010-04-15 21:36 -------- d-----w- c:\programdata\FNET
2010-06-30 06:25 . 2010-08-14 14:24 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-25 17:07 . 2010-06-25 17:07 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07 . 2010-06-25 17:07 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07 . 2010-06-25 17:07 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-25 17:03 . 2010-06-25 17:03 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-06-19 19:34 . 2010-06-19 19:34 103864 ----a-w- c:\programdata\Mozilla Firefox\plugins\nppdf32.dll
2010-06-19 06:23 . 2010-08-14 14:24 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-14 14:24 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-14 14:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-13 21:30 . 2009-10-15 16:01 320208 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-08 06:02 . 2010-08-14 14:24 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 14:06 . 2007-07-27 23:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 14:06 . 2007-07-27 23:15 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-02 14:06 . 2007-07-27 23:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-01 09:44 . 2010-07-30 14:49 3907584 ----a-w- c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-05-31 19:57 . 2010-05-31 19:57 50354 ----a-w- c:\users\User\AppData\Roaming\Facebook\uninstall.exe
2008-02-23 22:44 . 2005-05-13 15:12 217073 --sh--r- c:\windows\meta4.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sh--r- c:\windows\System32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sh--r- c:\windows\System32\cygz.dll
2006-05-03 10:06 . 2009-08-01 08:57 163328 --sh--r- c:\windows\System32\flvDX.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sh--r- c:\windows\System32\i420vfw.dll
2006-07-30 21:14 . 2004-10-31 18:29 11894 --sh--w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-08-01 08:57 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-08-01 08:57 216064 --sh--r- c:\windows\System32\nbDX.dll
2005-02-28 11:16 . 2005-02-28 11:16 240128 --sh--r- c:\windows\System32\x.264.exe
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-13 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\erdnt\cache\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\System32\dllcache\user32.dll

[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\System32\msgsvc.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2002-12-17 17:47 . 8718CF284545073A31B80FA71B60E228 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2004-08-19 22:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\System32\ntmssvc.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-10_15.59.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-14 14:22 . 2010-07-29 06:17 82944 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1e52cef174\iccvid.dll
+ 2010-08-14 14:22 . 2010-07-29 06:30 82944 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce139a20071\iccvid.dll
+ 2010-08-14 14:24 . 2010-06-19 06:27 37376 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.20738_none_0dae9d2b64c07c9d\rtutils.dll
+ 2010-08-14 14:24 . 2010-06-19 06:23 37376 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.16617_none_0d399fee4b938b9a\rtutils.dll
+ 2010-08-14 14:23 . 2010-06-23 07:48 16896 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.20741_none_bc3106d6224073e6\iecompat.dll
+ 2010-08-14 14:23 . 2010-06-23 07:48 16896 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.16620_none_bbbc0999091382e3\iecompat.dll
+ 2010-08-14 14:24 . 2010-06-30 06:12 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20745_none_17936e91cc14b92e\msfeedssync.exe
+ 2010-08-14 14:24 . 2010-06-30 06:15 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20745_none_17936e91cc14b92e\msfeedsbs.dll
+ 2010-08-14 14:24 . 2010-06-30 06:19 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16625_none_171f719eb2e6e182\msfeedssync.exe
+ 2010-08-14 14:24 . 2010-06-30 06:22 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16625_none_171f719eb2e6e182\msfeedsbs.dll
+ 2010-08-14 14:24 . 2010-06-30 06:18 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\WininetPlugin.dll
+ 2010-08-14 14:24 . 2010-06-30 06:15 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\jsproxy.dll
+ 2010-08-14 14:24 . 2010-06-30 06:25 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\WininetPlugin.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\jsproxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 31624 c:\windows\WindowsMobile\wmdsyncproxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\WindowsMobile\wmdsyncproxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 58248 c:\windows\WindowsMobile\wmdsyncman.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 58248 c:\windows\WindowsMobile\wmdsyncman.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 50568 c:\windows\WindowsMobile\WmdHost.exe
- 2007-05-31 08:20 . 2007-05-31 08:20 50568 c:\windows\WindowsMobile\WmdHost.exe
+ 2007-05-31 07:20 . 2007-05-31 07:20 20872 c:\windows\WindowsMobile\VoiceFrm.exe
- 2007-05-31 08:20 . 2007-05-31 08:20 20872 c:\windows\WindowsMobile\VoiceFrm.exe
- 2007-05-31 08:20 . 2007-05-31 08:20 38792 c:\windows\WindowsMobile\VoiceBar.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 38792 c:\windows\WindowsMobile\VoiceBar.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 70536 c:\windows\WindowsMobile\VCOMCtl.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 70536 c:\windows\WindowsMobile\VCOMCtl.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 29576 c:\windows\WindowsMobile\updatewmc.exe
- 2007-05-31 08:20 . 2007-05-31 08:20 29576 c:\windows\WindowsMobile\updatewmc.exe
+ 2007-05-31 07:20 . 2007-05-31 07:20 41352 c:\windows\WindowsMobile\SyncStat.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 41352 c:\windows\WindowsMobile\SyncStat.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 12288 c:\windows\WindowsMobile\ru\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 12288 c:\windows\WindowsMobile\ru\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 36232 c:\windows\WindowsMobile\riresdll.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 36232 c:\windows\WindowsMobile\riresdll.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 10240 c:\windows\WindowsMobile\pl\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 10240 c:\windows\WindowsMobile\pl\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 18824 c:\windows\WindowsMobile\olregdll.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 18824 c:\windows\WindowsMobile\olregdll.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 10240 c:\windows\WindowsMobile\ja\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 10240 c:\windows\WindowsMobile\ja\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\WindowsMobile\IrmActivate.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24456 c:\windows\WindowsMobile\IrmActivate.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 32648 c:\windows\WindowsMobile\InstallForm.exe
- 2007-05-31 08:20 . 2007-05-31 08:20 32648 c:\windows\WindowsMobile\InstallForm.exe
+ 2007-05-31 07:20 . 2007-05-31 07:20 33672 c:\windows\WindowsMobile\inplace.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 33672 c:\windows\WindowsMobile\inplace.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 32136 c:\windows\WindowsMobile\Inkx.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 32136 c:\windows\WindowsMobile\Inkx.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 36232 c:\windows\WindowsMobile\inkres.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 36232 c:\windows\WindowsMobile\inkres.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 60296 c:\windows\WindowsMobile\InkProps.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 60296 c:\windows\WindowsMobile\InkProps.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 20872 c:\windows\WindowsMobile\InkForm.exe
- 2007-05-31 08:20 . 2007-05-31 08:20 20872 c:\windows\WindowsMobile\InkForm.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 95112 c:\windows\WindowsMobile\HttpSys.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 95112 c:\windows\WindowsMobile\HttpSys.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 10240 c:\windows\WindowsMobile\fr\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 10240 c:\windows\WindowsMobile\fr\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 59784 c:\windows\WindowsMobile\Formdll.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 59784 c:\windows\WindowsMobile\Formdll.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 12800 c:\windows\WindowsMobile\el\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 12800 c:\windows\WindowsMobile\el\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 46984 c:\windows\WindowsMobile\Drivers\Serial\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 46984 c:\windows\WindowsMobile\Drivers\Serial\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24968 c:\windows\WindowsMobile\Drivers\Serial\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24968 c:\windows\WindowsMobile\Drivers\Serial\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 25992 c:\windows\WindowsMobile\Drivers\Serial\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 25992 c:\windows\WindowsMobile\Drivers\Serial\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24456 c:\windows\WindowsMobile\Drivers\Serial\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\WindowsMobile\Drivers\Serial\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 20360 c:\windows\WindowsMobile\Drivers\Serial\dtptdns.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 20360 c:\windows\WindowsMobile\Drivers\Serial\dtptdns.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 75144 c:\windows\WindowsMobile\Drivers\Serial\ceutil.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 75144 c:\windows\WindowsMobile\Drivers\Serial\ceutil.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\WindowsMobile\Drivers\Serial\btplugin.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 31624 c:\windows\WindowsMobile\Drivers\Serial\btplugin.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 46984 c:\windows\WindowsMobile\Drivers\RNDIS\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 46984 c:\windows\WindowsMobile\Drivers\RNDIS\wmcoinst-070531-0845.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24968 c:\windows\WindowsMobile\Drivers\RNDIS\wcescpxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24968 c:\windows\WindowsMobile\Drivers\RNDIS\wcescpxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 25992 c:\windows\WindowsMobile\Drivers\RNDIS\tcp2udp.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 25992 c:\windows\WindowsMobile\Drivers\RNDIS\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24456 c:\windows\WindowsMobile\Drivers\RNDIS\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\WindowsMobile\Drivers\RNDIS\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 20360 c:\windows\WindowsMobile\Drivers\RNDIS\dtptdns.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 20360 c:\windows\WindowsMobile\Drivers\RNDIS\dtptdns.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 75144 c:\windows\WindowsMobile\Drivers\RNDIS\ceutil.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 75144 c:\windows\WindowsMobile\Drivers\RNDIS\ceutil.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\WindowsMobile\Drivers\RNDIS\btplugin.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 31624 c:\windows\WindowsMobile\Drivers\RNDIS\btplugin.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 46984 c:\windows\WindowsMobile\Drivers\Bluetooth\wmcoinst-070531-0845.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 46984 c:\windows\WindowsMobile\Drivers\Bluetooth\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24968 c:\windows\WindowsMobile\Drivers\Bluetooth\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24968 c:\windows\WindowsMobile\Drivers\Bluetooth\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 25992 c:\windows\WindowsMobile\Drivers\Bluetooth\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 25992 c:\windows\WindowsMobile\Drivers\Bluetooth\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24456 c:\windows\WindowsMobile\Drivers\Bluetooth\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\WindowsMobile\Drivers\Bluetooth\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 20360 c:\windows\WindowsMobile\Drivers\Bluetooth\dtptdns.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 20360 c:\windows\WindowsMobile\Drivers\Bluetooth\dtptdns.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 75144 c:\windows\WindowsMobile\Drivers\Bluetooth\ceutil.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 75144 c:\windows\WindowsMobile\Drivers\Bluetooth\ceutil.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 31624 c:\windows\WindowsMobile\Drivers\Bluetooth\btplugin.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\WindowsMobile\Drivers\Bluetooth\btplugin.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 10240 c:\windows\WindowsMobile\de\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 10240 c:\windows\WindowsMobile\de\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 44936 c:\windows\WindowsMobile\CEFStore.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 44936 c:\windows\WindowsMobile\CEFStore.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 46472 c:\windows\WindowsMobile\ASSvrEng.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 46472 c:\windows\WindowsMobile\ASSvrEng.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 32648 c:\windows\WindowsMobile\ASStatusL.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 32648 c:\windows\WindowsMobile\ASStatusL.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 47496 c:\windows\WindowsMobile\ASDsktpEng.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 47496 c:\windows\WindowsMobile\ASDsktpEng.dll
+ 2010-08-06 20:31 . 2010-08-06 20:31 73604 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-10-15 16:02 . 2010-08-18 18:14 49732 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-27 12:25 34824 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-15 15:57 . 2010-08-22 22:01 14840 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-237298051-2971886165-3222819484-1000_UserData.bin
+ 2007-07-27 23:15 . 2010-06-02 14:06 53632 c:\windows\System32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-07-27 23:15 . 2010-06-02 14:06 54656 c:\windows\System32\spool\drivers\w32x86\LMIprinterui.dll
+ 2007-07-27 23:15 . 2010-06-02 14:06 54656 c:\windows\System32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-07-27 23:15 . 2010-06-02 14:06 42368 c:\windows\System32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-07-27 23:15 . 2010-06-02 14:06 54656 c:\windows\System32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-07-27 23:15 . 2010-06-02 14:06 54656 c:\windows\System32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2007-07-27 23:15 . 2010-06-02 14:06 42368 c:\windows\System32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2010-07-31 13:24 . 2007-07-03 14:53 70824 c:\windows\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2010-07-31 13:24 . 2007-07-03 14:59 86824 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2010-07-31 13:24 . 2007-07-03 14:57 11944 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2010-07-31 13:24 . 2007-07-03 14:54 80552 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdbus.sys
- 2009-07-13 23:42 . 2009-07-14 01:14 12800 c:\windows\System32\msfeedssync.exe
+ 2010-08-14 14:24 . 2010-06-30 06:19 12800 c:\windows\System32\msfeedssync.exe
+ 2010-08-14 14:24 . 2010-06-30 06:22 64512 c:\windows\System32\msfeedsbs.dll
- 2010-06-09 18:16 . 2010-05-06 12:41 64512 c:\windows\System32\msfeedsbs.dll
+ 2010-08-14 14:24 . 2010-06-30 06:25 68608 c:\windows\System32\migration\WininetPlugin.dll
- 2010-06-09 18:16 . 2010-05-21 05:18 68608 c:\windows\System32\migration\WininetPlugin.dll
+ 2007-05-25 13:22 . 2010-01-27 10:21 11552 c:\windows\System32\lmimirr2.dll
- 2007-05-25 13:22 . 2009-09-08 11:23 11552 c:\windows\System32\lmimirr2.dll
+ 2007-05-25 13:22 . 2010-01-27 10:21 25248 c:\windows\System32\lmimirr.dll
- 2007-05-25 13:22 . 2009-09-08 11:23 25248 c:\windows\System32\lmimirr.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 48128 c:\windows\System32\jsproxy.dll
- 2010-06-09 18:16 . 2010-05-21 05:14 48128 c:\windows\System32\jsproxy.dll
- 2009-07-14 04:50 . 2010-06-22 18:44 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2010-08-02 21:34 86016 c:\windows\System32\DriverStore\infpub.dat
- 2007-05-31 08:20 . 2007-05-31 08:20 46984 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 46984 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24968 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24968 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 25992 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 25992 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\tcp2udp.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24456 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapispxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 20360 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\dtptdns.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 20360 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\dtptdns.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 75144 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\ceutil.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 75144 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\ceutil.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 31624 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\btplugin.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\btplugin.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 46984 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wmcoinst-070531-0845.dll
+ 2007-05-31 14:20 . 2007-05-31 14:20 46984 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wmcoinst-070531-0845.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24968 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wcescpxy.dll
+ 2007-05-31 14:20 . 2007-05-31 14:20 24968 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wcescpxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 25992 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\tcp2udp.dll
+ 2007-05-31 14:20 . 2007-05-31 14:20 25992 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\tcp2udp.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapispxy.dll
+ 2007-05-31 14:20 . 2007-05-31 14:20 24456 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapispxy.dll
+ 2007-05-31 14:20 . 2007-05-31 14:20 20360 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\dtptdns.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 20360 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\dtptdns.dll
+ 2007-05-31 14:21 . 2007-05-31 14:21 75144 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\ceutil.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 75144 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\ceutil.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\btplugin.dll
+ 2007-05-31 14:20 . 2007-05-31 14:20 31624 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\btplugin.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 46984 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wmcoinst-070531-0845.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 46984 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wmcoinst-070531-0845.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24968 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wcescpxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24968 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wcescpxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 25992 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\tcp2udp.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 25992 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\tcp2udp.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 24456 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapispxy.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 24456 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapispxy.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 20360 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\dtptdns.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 20360 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\dtptdns.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 75144 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\ceutil.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 75144 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\ceutil.dll
- 2007-05-31 08:20 . 2007-05-31 08:20 31624 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\btplugin.dll
+ 2007-05-31 07:20 . 2007-05-31 07:20 31624 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\btplugin.dll
+ 2010-07-31 13:24 . 2007-07-03 14:57 11944 c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_x86_neutral_3d6fc7cdbbd23d69\i386\sscdmdfl.sys
+ 2010-07-31 13:24 . 2007-07-03 14:59 86824 c:\windows\System32\DriverStore\FileRepository\sscdsdm2.inf_x86_neutral_99624ac3d3f9c943\i386\sscdserd.sys
+ 2010-07-31 13:24 . 2007-07-03 14:54 80552 c:\windows\System32\DriverStore\FileRepository\sscdbus.inf_x86_neutral_a3b7ac028f2f8c85\i386\sscdbus.sys
+ 2010-07-31 13:23 . 2009-02-19 08:31 15404 c:\windows\System32\DriverStore\FileRepository\flashusb.inf_x86_neutral_8558b07b97b619bd\FlashUSB.sys
+ 2010-07-27 19:14 . 2010-01-27 10:22 47640 c:\windows\System32\drivers\LMIRfsDriver.sys
+ 2010-01-27 10:21 . 2010-01-27 10:21 10144 c:\windows\System32\drivers\lmimirr.sys
+ 2009-10-15 13:54 . 2010-08-27 12:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-15 13:54 . 2010-07-10 15:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 13:54 . 2010-08-27 12:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-15 13:54 . 2010-07-10 15:08 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-27 12:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-10 15:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-22 15:01 . 2010-07-10 15:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-22 15:01 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-08-20 19:45 77840 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-10-22 15:01 . 2010-07-10 15:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-22 15:01 . 2010-08-27 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-22 15:01 . 2010-07-10 15:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-22 15:01 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-15 16:05 . 2010-07-10 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 16:05 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 12:09 . 2010-07-10 15:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-24 12:09 . 2010-08-27 12:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-24 12:09 . 2010-08-27 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-24 12:09 . 2010-07-10 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-24 12:09 . 2010-07-10 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-24 12:09 . 2010-08-27 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-15 16:05 . 2010-08-27 12:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-15 16:05 . 2010-07-10 15:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-15 16:05 . 2010-07-10 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-15 16:05 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-14 14:56 . 2010-08-14 14:56 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a06f86c78df5896fab27ef63a467f757\UIAutomationProvider.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\101740bb080b93dcd57cca0b49561b5b\System.Windows.Presentation.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\55d21368f4ac5f01a2b5b3c2a06ef811\System.Web.DynamicData.Design.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\4f643751eda6cafe890f0884a6ec7392\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\89a9ddc116df21673f60cc7d1ed63e4b\System.AddIn.Contract.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\c0609e0a5700bea77d81ba5240c2a972\stdole.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\cda6307ec359333afe51ed90f61db564\PresentationFontCache.ni.exe
+ 2010-08-14 14:56 . 2010-08-14 14:56 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e117973434189b11c49b65513d458a41\PresentationCFFRasterizer.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\80feaa74c880469ddc54e7708b2e8d7e\napcrypt.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\70c3c3c19342043f2cc3a206aa74e37a\Microsoft.WSMan.Runtime.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\9b6716c352f7004b86f4c35b4513a13f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\976de9ec4c99b0ef317a57d76f3a1fbc\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\82d40129a13601e4838e17aca1db8ec0\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6bdeaf57d38696f68d160e90cdb6beaa\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4b6134d905d751a3042b7518fa25bc21\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\327d654b6c42b863acc07646977bf20a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\00a681c820369841bd03932d449cb706\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\246d74010afa232d3853e4f49c7a38eb\Microsoft.Vsa.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\190adbaf753e7744782406a71e7dcd7e\Microsoft.VisualC.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e6619ce4e08b438c7caaf39f49be7e96\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\17022567749e35fb5d6b77df4de5c1db\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\37320799550691a787e6574b6899d0ee\Microsoft.Build.Framework.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\27dbf2aba276101442ddbe86a8665057\Microsoft.Build.Framework.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft-Windows-H#\a04a3004fb49fc2279ef45798938db55\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a0fb35ff977ffedbdb27f7262c979d3e\dfsvc.ni.exe
+ 2010-08-14 15:02 . 2010-08-14 15:02 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\9f333ba813d7225dfb064e1b90f0b857\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_891219a11113f34b\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_889b1bcff7e8cf9a\msxml3r.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9216 c:\windows\WindowsMobile\zh-CHT\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9216 c:\windows\WindowsMobile\zh-CHT\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9216 c:\windows\WindowsMobile\zh-CHS\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9216 c:\windows\WindowsMobile\zh-CHS\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\tr\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\tr\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\sv\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\sv\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\sk\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\sk\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\ro\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\ro\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\pt\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\pt\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\pt-BR\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\pt-BR\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9216 c:\windows\WindowsMobile\no\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9216 c:\windows\WindowsMobile\no\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\nl\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\nl\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\ko\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\ko\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\it\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\it\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\hu\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\hu\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\fi\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\fi\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\es\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\es\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:50 . 2007-05-31 06:50 9728 c:\windows\WindowsMobile\en\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:50 . 2007-05-31 07:50 9728 c:\windows\WindowsMobile\en\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\da\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\da\Microsoft.WindowsMobile.DeviceManager.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 9728 c:\windows\WindowsMobile\cs\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 9728 c:\windows\WindowsMobile\cs\Microsoft.WindowsMobile.DeviceManager.resources.dll
+ 2010-07-31 13:24 . 2007-07-03 15:00 9256 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
+ 2010-07-31 13:24 . 2007-07-03 14:56 9256 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2010-07-31 13:24 . 2007-07-03 14:56 9256 c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_x86_neutral_3d6fc7cdbbd23d69\i386\sscdcmnt.sys
+ 2010-07-31 13:24 . 2007-07-03 14:56 9256 c:\windows\System32\DriverStore\FileRepository\sscdsdm2.inf_x86_neutral_99624ac3d3f9c943\i386\sscdcmnt.sys
+ 2010-07-31 13:24 . 2007-07-03 15:00 9256 c:\windows\System32\DriverStore\FileRepository\sscdbus.inf_x86_neutral_a3b7ac028f2f8c85\i386\sscdwhnt.sys
- 2010-07-10 15:05 . 2010-07-10 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-26 17:48 . 2010-08-27 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-26 17:48 . 2010-08-27 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-10 15:05 . 2010-07-10 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-14 14:25 . 2010-05-20 22:43 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.20717_none_d1a2369ed0d2b389\SOS.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.16597_none_e877dfd2b7241dea\SOS.dll
+ 2010-08-14 14:25 . 2010-05-20 22:43 995672 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.20717_none_e8d3eedddcddd774\mscordacwks.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 995160 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.16597_none_ffa99811c32f41d5\mscordacwks.dll
+ 2010-08-14 14:22 . 2010-07-29 06:17 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1e52cef174\ir32_32.dll
+ 2010-08-14 14:22 . 2010-07-29 06:30 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce139a20071\ir32_32.dll
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\FWPKCLNT.SYS
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\FWPKCLNT.SYS
+ 2010-08-14 14:23 . 2010-06-22 02:45 307200 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20740_none_da72d04d70d0f1ff\srv2.sys
+ 2010-08-14 14:23 . 2010-06-22 02:47 307200 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16619_none_da12a5e05792e271\srv2.sys
+ 2010-08-14 14:23 . 2010-06-22 02:45 311296 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_da7da03970c8d60e\srv.sys
+ 2010-08-14 14:23 . 2010-06-22 02:47 310784 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_da1d75cc578ac680\srv.sys
+ 2010-08-14 14:23 . 2010-06-22 02:44 113664 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_045c65128a7c54f0\srvnet.sys
+ 2010-08-14 14:23 . 2010-06-22 02:47 113664 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_03fc3aa5713e4562\srvnet.sys
+ 2010-08-14 14:24 . 2010-06-16 05:58 224256 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20735_none_22ac534acf8b77bc\schannel.dll
+ 2010-08-14 14:24 . 2010-06-16 05:48 224256 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16612_none_22355579b660540b\schannel.dll
+ 2010-08-13 17:32 . 2010-01-28 02:11 128424 c:\windows\winsxs\x86_microsoft-windows-s..ologies-webcontrols_31bf3856ad364e35_7.1.7600.16395_none_39bc056e339474f4\WatWeb.dll
+ 2010-08-13 17:32 . 2010-01-28 02:11 114600 c:\windows\winsxs\x86_microsoft-windows-s..ologies-webcontrols_31bf3856ad364e35_7.1.7600.16395_none_39bc056e339474f4\npWatWeb.dll
+ 2010-08-13 17:32 . 2010-01-28 02:11 249768 c:\windows\winsxs\x86_microsoft-windows-s..ivationtechnologies_31bf3856ad364e35_7.1.7600.16395_none_2dac82dbc20710f5\WatUX.exe
+ 2010-08-14 14:24 . 2010-06-30 06:14 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20745_none_7fe7ec279f71beb2\ieui.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16625_none_7f73ef348643e706\ieui.dll
+ 2010-08-14 14:24 . 2010-06-30 06:14 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.20745_none_ab7463e73be351ce\ieproxy.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16625_none_ab0066f422b57a22\ieproxy.dll
+ 2010-08-14 14:24 . 2010-06-30 06:14 859648 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.7600.20745_none_56ea8c5831291390\iedvtool.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 859648 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.7600.16625_none_56768f6517fb3be4\iedvtool.dll
+ 2010-08-14 14:24 . 2010-06-30 06:14 186368 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.20745_none_58090436e3608fb1\iepeers.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 185856 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.16625_none_57950743ca32b805\iepeers.dll
+ 2010-08-14 14:24 . 2010-06-30 06:14 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.20745_none_8f95ec0148cfe816\iedkcs32.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.16625_none_8f21ef0e2fa2106a\iedkcs32.dll
+ 2010-08-14 14:24 . 2010-06-30 06:18 980480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
+ 2010-08-14 14:24 . 2010-06-30 06:25 978432 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
+ 2010-08-14 14:24 . 2010-06-30 06:15 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.20745_none_fc0b262c6dc5602b\mstime.dll
+ 2010-08-14 14:24 . 2010-06-30 06:22 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.16625_none_fb9729395497887f\mstime.dll
+ 2009-07-14 08:20 . 2009-07-14 08:20 307200 c:\windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.1.7600.20717_it-it_0581a6d706e420e7\mscorlib.Resources.dll
+ 2009-07-14 08:20 . 2009-07-14 08:20 307200 c:\windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.1.7600.16597_it-it_1c57500aed358b48\mscorlib.Resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\zh-CHT\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\zh-CHT\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 344064 c:\windows\WindowsMobile\zh-CHS\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 344064 c:\windows\WindowsMobile\zh-CHS\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\WindowsMobile\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 648072 c:\windows\WindowsMobile\wmdc.exe
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\tr\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\tr\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 344064 c:\windows\WindowsMobile\sv\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 344064 c:\windows\WindowsMobile\sv\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 352256 c:\windows\WindowsMobile\sk\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 352256 c:\windows\WindowsMobile\sk\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 368640 c:\windows\WindowsMobile\ru\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 368640 c:\windows\WindowsMobile\ru\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 356352 c:\windows\WindowsMobile\ro\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 356352 c:\windows\WindowsMobile\ro\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 206728 c:\windows\WindowsMobile\richink.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 206728 c:\windows\WindowsMobile\richink.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\pt\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\pt\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\pt-BR\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\pt-BR\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 356352 c:\windows\WindowsMobile\pl\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 356352 c:\windows\WindowsMobile\pl\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 270728 c:\windows\WindowsMobile\outstore.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 270728 c:\windows\WindowsMobile\outstore.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\no\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\no\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 360448 c:\windows\WindowsMobile\nl\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 360448 c:\windows\WindowsMobile\nl\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 128392 c:\windows\WindowsMobile\Microsoft.WindowsMobile.Rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 128392 c:\windows\WindowsMobile\Microsoft.WindowsMobile.Rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 382344 c:\windows\WindowsMobile\Microsoft.WindowsMobile.DeviceManager.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 382344 c:\windows\WindowsMobile\Microsoft.WindowsMobile.DeviceManager.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 132488 c:\windows\WindowsMobile\Microsoft.WindowsMobile.Common.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 132488 c:\windows\WindowsMobile\Microsoft.WindowsMobile.Common.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 100232 c:\windows\WindowsMobile\mailsync.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 100232 c:\windows\WindowsMobile\mailsync.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 228744 c:\windows\WindowsMobile\legacysyncengine.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 228744 c:\windows\WindowsMobile\legacysyncengine.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\ko\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\ko\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 352256 c:\windows\WindowsMobile\ja\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 352256 c:\windows\WindowsMobile\ja\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 352256 c:\windows\WindowsMobile\it\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 352256 c:\windows\WindowsMobile\it\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 160648 c:\windows\WindowsMobile\InkStore.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 160648 c:\windows\WindowsMobile\InkStore.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 360840 c:\windows\WindowsMobile\inkeng.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 360840 c:\windows\WindowsMobile\inkeng.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 176520 c:\windows\WindowsMobile\INetRepl.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 176520 c:\windows\WindowsMobile\INetRepl.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 360448 c:\windows\WindowsMobile\hu\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 360448 c:\windows\WindowsMobile\hu\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 352256 c:\windows\WindowsMobile\fr\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 352256 c:\windows\WindowsMobile\fr\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\fi\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\fi\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 356352 c:\windows\WindowsMobile\es\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 356352 c:\windows\WindowsMobile\es\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:52 . 2007-05-31 06:52 376832 c:\windows\WindowsMobile\en\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:52 . 2007-05-31 07:52 376832 c:\windows\WindowsMobile\en\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 380928 c:\windows\WindowsMobile\el\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 380928 c:\windows\WindowsMobile\el\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 224136 c:\windows\WindowsMobile\Drivers\WPD\wpdrapi.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 224136 c:\windows\WindowsMobile\Drivers\WPD\wpdrapi.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 648072 c:\windows\WindowsMobile\Drivers\Serial\wmdc.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\WindowsMobile\Drivers\Serial\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 379784 c:\windows\WindowsMobile\Drivers\Serial\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 379784 c:\windows\WindowsMobile\Drivers\Serial\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 125320 c:\windows\WindowsMobile\Drivers\Serial\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 125320 c:\windows\WindowsMobile\Drivers\Serial\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 223112 c:\windows\WindowsMobile\Drivers\Serial\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 223112 c:\windows\WindowsMobile\Drivers\Serial\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 183688 c:\windows\WindowsMobile\Drivers\Serial\rapimgr.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 183688 c:\windows\WindowsMobile\Drivers\Serial\rapimgr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 105352 c:\windows\WindowsMobile\Drivers\Serial\rapi.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 105352 c:\windows\WindowsMobile\Drivers\Serial\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\WindowsMobile\Drivers\RNDIS\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 648072 c:\windows\WindowsMobile\Drivers\RNDIS\wmdc.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 379784 c:\windows\WindowsMobile\Drivers\RNDIS\wcescomm.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 379784 c:\windows\WindowsMobile\Drivers\RNDIS\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 125320 c:\windows\WindowsMobile\Drivers\RNDIS\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 125320 c:\windows\WindowsMobile\Drivers\RNDIS\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 223112 c:\windows\WindowsMobile\Drivers\RNDIS\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 223112 c:\windows\WindowsMobile\Drivers\RNDIS\rapistub.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 183688 c:\windows\WindowsMobile\Drivers\RNDIS\rapimgr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 183688 c:\windows\WindowsMobile\Drivers\RNDIS\rapimgr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 105352 c:\windows\WindowsMobile\Drivers\RNDIS\rapi.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 105352 c:\windows\WindowsMobile\Drivers\RNDIS\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\WindowsMobile\Drivers\Bluetooth\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 648072 c:\windows\WindowsMobile\Drivers\Bluetooth\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 379784 c:\windows\WindowsMobile\Drivers\Bluetooth\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 379784 c:\windows\WindowsMobile\Drivers\Bluetooth\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 125320 c:\windows\WindowsMobile\Drivers\Bluetooth\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 125320 c:\windows\WindowsMobile\Drivers\Bluetooth\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 223112 c:\windows\WindowsMobile\Drivers\Bluetooth\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 223112 c:\windows\WindowsMobile\Drivers\Bluetooth\rapistub.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 183688 c:\windows\WindowsMobile\Drivers\Bluetooth\rapimgr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 183688 c:\windows\WindowsMobile\Drivers\Bluetooth\rapimgr.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 105352 c:\windows\WindowsMobile\Drivers\Bluetooth\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 105352 c:\windows\WindowsMobile\Drivers\Bluetooth\rapi.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 356352 c:\windows\WindowsMobile\de\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 356352 c:\windows\WindowsMobile\de\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 348160 c:\windows\WindowsMobile\da\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 348160 c:\windows\WindowsMobile\da\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 06:59 . 2007-05-31 06:59 352256 c:\windows\WindowsMobile\cs\Microsoft.WindowsMobile.DeviceCenter.resources.dll
- 2007-05-31 07:59 . 2007-05-31 07:59 352256 c:\windows\WindowsMobile\cs\Microsoft.WindowsMobile.DeviceCenter.resources.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 173960 c:\windows\WindowsMobile\CertAuth.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 173960 c:\windows\WindowsMobile\CertAuth.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 102792 c:\windows\WindowsMobile\ceappmgr.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 102792 c:\windows\WindowsMobile\ceappmgr.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 141704 c:\windows\WindowsMobile\BakRestr.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 141704 c:\windows\WindowsMobile\BakRestr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 148872 c:\windows\WindowsMobile\AnimationLibrary.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 148872 c:\windows\WindowsMobile\AnimationLibrary.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 895880 c:\windows\WindowsMobile\AirSyncEngine.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 895880 c:\windows\WindowsMobile\AirSyncEngine.dll
+ 2010-07-31 14:42 . 2010-08-27 11:27 237166 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-21 16:25 . 2010-08-03 20:31 185760 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2010-08-13 17:32 . 2010-08-13 17:32 128424 c:\windows\System32\Wat\WatWeb.dll
+ 2010-08-13 17:32 . 2010-08-13 17:32 249768 c:\windows\System32\Wat\WatUX.exe
+ 2010-08-13 17:32 . 2010-08-13 17:32 114600 c:\windows\System32\Wat\npWatWeb.dll
+ 2010-07-31 13:24 . 2007-07-03 14:58 106792 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2010-01-05 15:39 . 2010-01-05 15:39 100896 c:\windows\System32\RTNUninst32.dll
+ 2009-07-14 02:05 . 2010-08-23 19:12 607530 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-10 13:20 607530 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-10 13:20 103908 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-08-23 19:12 103908 c:\windows\System32\perfc009.dat
- 2003-03-18 19:14 . 2003-03-18 20:14 499712 c:\windows\System32\msvcp71.dll
+ 2003-03-18 19:14 . 2003-03-19 11:14 499712 c:\windows\System32\MSVCP71.dll
+ 2010-08-14 14:24 . 2010-06-30 06:22 606208 c:\windows\System32\mstime.dll
- 2010-06-09 18:16 . 2010-05-06 12:41 606208 c:\windows\System32\mstime.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 176640 c:\windows\System32\ieui.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\System32\ieui.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 185856 c:\windows\System32\iepeers.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 381440 c:\windows\System32\iedkcs32.dll
- 2010-06-09 18:16 . 2010-05-06 12:41 381440 c:\windows\System32\iedkcs32.dll
- 2009-07-14 04:50 . 2010-06-22 18:44 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2010-08-02 21:34 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2010-08-02 21:26 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2010-06-22 18:44 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2007-05-31 07:21 . 2007-05-31 07:21 224136 c:\windows\System32\DriverStore\FileRepository\wpdrapi.inf_x86_neutral_a093053dd72737eb\WpdRapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 224136 c:\windows\System32\DriverStore\FileRepository\wpdrapi.inf_x86_neutral_a093053dd72737eb\WpdRapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 648072 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wmdc.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 379784 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wcescomm.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 379784 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 125320 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 125320 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 223112 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 223112 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 183688 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapimgr.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 183688 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapimgr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 105352 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapi.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 105352 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wmdc.exe
+ 2007-05-31 14:21 . 2007-05-31 14:21 648072 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wmdc.exe
+ 2007-05-31 14:21 . 2007-05-31 14:21 379784 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wcescomm.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 379784 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wcescomm.dll
+ 2007-05-31 14:21 . 2007-05-31 14:21 125320 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\setup.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 125320 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\setup.exe
+ 2007-05-31 14:21 . 2007-05-31 14:21 223112 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 223112 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 183688 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapimgr.dll
+ 2007-05-31 14:21 . 2007-05-31 14:21 183688 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapimgr.dll
+ 2007-05-31 14:21 . 2007-05-31 14:21 105352 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 105352 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 648072 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wmdc.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 648072 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wmdc.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 379784 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wcescomm.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 379784 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wcescomm.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 125320 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\setup.exe
- 2007-05-31 08:21 . 2007-05-31 08:21 125320 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\setup.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 223112 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapistub.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 223112 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapistub.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 183688 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapimgr.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 183688 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapimgr.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 105352 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapi.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 105352 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\rapi.dll
+ 2010-07-31 13:24 . 2007-07-03 14:58 106792 c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_x86_neutral_3d6fc7cdbbd23d69\i386\sscdmdm.sys
+ 2010-07-31 13:23 . 2009-02-19 08:31 208896 c:\windows\System32\DriverStore\FileRepository\flashusb.inf_x86_neutral_8558b07b97b619bd\UnInstall.exe
+ 2007-05-31 07:21 . 2007-05-31 07:21 224136 c:\windows\System32\drivers\UMDF\WpdRapi2.dll
+ 2010-01-12 05:37 . 2010-01-12 05:37 257568 c:\windows\System32\drivers\Rt86win7.sys
+ 2009-10-15 14:18 . 2010-08-27 12:23 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-22 15:01 . 2010-08-14 14:58 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-14 14:25 . 2010-05-20 22:49 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-01-01 18:11 . 2010-01-01 18:11 648072 c:\windows\Installer\{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
+ 2010-07-31 20:46 . 2010-07-31 20:46 648072 c:\windows\Installer\{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
+ 2010-08-14 15:02 . 2010-08-14 15:02 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\1eab6ceaf2bc688df423255ff9490d60\WsatConfig.ni.exe
+ 2010-08-14 14:57 . 2010-08-14 14:57 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f050ef6d97c0102333ded4d8d58ffa4e\UIAutomationTypes.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\b3fbd794181d7b93b807a5e74991b0f9\UIAutomationClient.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\3118353bd1e1ba3f065418d837bd479e\TaskScheduler.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\cc523d58068d01f874b18e665d49eb67\System.Xml.Linq.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2f84c918be2ff7e390120c18237443c9\System.Web.Routing.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\be061062b2a6666ead57322f7fb7206f\System.Web.RegularExpressions.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\601a34c1001a27c2da41d78b6b5b40a3\System.Web.Extensions.Design.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\19fefac6b36bd2522901f7703e001fce\System.Web.Entity.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\62d687b818bd0195618e632016c7dbf7\System.Web.Entity.Design.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ca2575f5c34b0abf8e8e23b7f390e611\System.Web.DynamicData.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\8b4af536857e71fca6a33bc24b8b89d2\System.Web.Abstractions.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6b8b76b26be7d7f4c3d1cb644811a2ef\System.ServiceProcess.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5025c0c5e7134226b2fc0c4bdabf67ef\System.Security.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d35d360c6e410684be7ea9fd0a8e6b53\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\c9c7532609177f639fac55991c882d1f\System.Net.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\50583e3d9a03c78b8107b826068f4541\System.Messaging.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\758e0ce53c80a7ad7cf76a4910d27762\System.Management.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\9d42bf7e1d49e083bf8ca3dc44ee2b19\System.Management.Instrumentation.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8dd494a51a34de9bb8dc459287fe01bc\System.IO.Log.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\1a8dbe792bff04609faff69f9327630f\System.IdentityModel.Selectors.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.Wrapper.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0964202aa721ad3fc6f4d3d9d93dbf52\System.Drawing.Design.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cd5561592e50ed277e3b1a45d529c1a4\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\689d9df56dfa4978b2593c43d4e94cdd\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1d2e67b4b6908a0119966021363b7dc\System.Data.Services.Design.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b7d5d32033299d1e34180f80aeb71748\System.Data.Services.Client.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f9230f56cf1a71f9af2e9b4e8f823d1a\System.Data.Entity.Design.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b35e8ee9e538de0ce43719f73aca5833\System.Data.DataSetExtensions.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\69cfb623bd8b1bc7dbad276f82019dcb\System.Configuration.Install.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\85b263ee17ce8086d74c45fed21c1180\System.AddIn.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\999b0b3c1e99cdf46f6afbb7daf1ae49\sysglobl.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\cb96e1d6de2c7a0c2d518761d6d139b2\SMSvcHost.ni.exe
+ 2010-08-14 15:02 . 2010-08-14 15:02 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9de488bf62eebca425759ea94d9a70e8\SMDiagnostics.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\4fce7fbded2cdd89b9052188b3d54218\ServiceModelReg.ni.exe
+ 2010-08-14 15:02 . 2010-08-14 15:02 295424 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\b22968de990db604cf987f597aac524f\SecurityAuditPoliciesSnapIn.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9da2c4ccbf8dead2507879555e600ab7\PresentationFramework.Classic.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\645eac5513e6a5587dd3f334d9fab4c2\PresentationFramework.Royale.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aa86db18e6c85f0b6144ca8b6de9b52\PresentationFramework.Luna.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\c26b8bd37831c8ec8e74365a91492fc5\napsnap.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\31d4aa4ab7644c761f3282fef4dbc5e7\napinit.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\05238736304f9b2c5f451607ab71ae18\naphlpr.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\b6e1a1590a2fcf08ed4145fb92357391\MSBuild.ni.exe
+ 2010-08-14 15:02 . 2010-08-14 15:02 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\02600010d899e4abfd49e6dd18b94738\MMCFxCommon.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ea8b88af652eb8082578cdca393a4bcf\Microsoft.WSMan.Management.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\528fb7c1f755e446a1ed500d1b58ebd4\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 837120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e9ca451725c058a979a37b4308b7d2ce\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\b45fa2234d221f9bb7c55a384f1cdb82\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\9ca8aced3602f7862c36210108c54edc\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\4409b5849787db4963bf7e7aa63db009\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f6348b0de59c9de42d5d6ae71d511763\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c16b32cadfcc2b5caf6259693655a740\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b9a59377784c8283d217f4ca65b3ac9b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b83901768935aa231c768dd1a72dcdb7\Microsoft.PowerShell.Security.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f2d57e89dbdc62cffb0e7a0e15bf58b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\117653722679370f9b5da66807886739\Microsoft.ManagementConsole.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\340d7608310f04d472cdf49db6b10fec\Microsoft.GroupPolicy.Interop.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\21c923e0332038ee12e3d8504ac37b16\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\757d1a493508c965f98e23807e226f72\Microsoft.Build.Utilities.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6466be199d39a2af445708e711095775\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f3a62f35106a0a83f7b1be20142f5b6\Microsoft.Build.Engine.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0f63bf412ade976b62296fe9b9bec6f4\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\d0afb1b00eeb64c2789a9ba31ead05d2\Microsoft.ApplicationId.Framework.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 587264 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\b866336e70f648e81968c22e3feb1410\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\a19346462fbc57a1f768822f8a426509\EventViewer.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\149c74602e3720d5e12fd34691793f45\CustomMarshalers.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\0026d2a5ef652dd0f2ffafc5c6be0e5a\ComSvcConfig.ni.exe
+ 2010-08-14 15:02 . 2010-08-14 15:02 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\9950d80cbdcff8521c7a46d5da53a68b\AspNetMMCExt.ni.dll
+ 2010-08-14 14:25 . 2010-05-20 22:43 5822800 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.20717_none_f00fcbf704dccba1\mscorwks.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 5816656 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.16597_none_06e5752aeb2e3602\mscorwks.dll
+ 2010-08-14 14:25 . 2010-05-20 22:43 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.20717_none_8568fd099755671c\mscorlib.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.16597_none_9c3ea63d7da6d17d\mscorlib.dll
+ 2010-08-14 14:24 . 2010-06-19 04:13 2327552 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_b98c82d514ccb6c0\win32k.sys
+ 2010-08-14 14:24 . 2010-06-19 04:07 2326016 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd\win32k.sys
+ 2010-08-14 14:25 . 2010-06-14 06:06 1288576 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
+ 2010-08-14 14:25 . 2010-06-14 06:12 1286016 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
+ 2010-08-13 17:32 . 2010-01-28 02:11 1343400 c:\windows\winsxs\x86_microsoft-windows-s..ivationtechnologies_31bf3856ad364e35_7.1.7600.16395_none_2dac82dbc20710f5\WatAdminSvc.exe
+ 2010-08-14 14:22 . 2010-06-19 06:37 3909512 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
+ 2010-08-14 14:22 . 2010-06-19 06:37 3964800 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe
+ 2010-08-14 14:22 . 2010-06-19 06:33 3899784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
+ 2010-08-14 14:22 . 2010-06-19 06:33 3955080 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe
+ 2010-08-14 14:24 . 2010-06-08 05:00 1233920 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_891219a11113f34b\msxml3.dll
+ 2010-08-14 14:24 . 2010-06-08 06:02 1233920 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_889b1bcff7e8cf9a\msxml3.dll
+ 2010-08-14 14:24 . 2010-06-30 06:15 5972992 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085\mshtml.dll
+ 2010-08-14 14:24 . 2010-06-30 06:22 5971456 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_2e149530fa4e58d9\mshtml.dll
+ 2010-08-14 14:24 . 2010-06-30 06:18 1227264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.20745_none_d0289763c81ca0bc\urlmon.dll
+ 2010-08-14 14:24 . 2010-06-30 06:25 1226240 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.16625_none_cfb49a70aeeec910\urlmon.dll
- 2007-05-31 08:21 . 2007-05-31 08:21 2061704 c:\windows\WindowsMobile\Microsoft.WindowsMobile.DeviceCenter.dll
+ 2007-05-31 07:21 . 2007-05-31 07:21 2061704 c:\windows\WindowsMobile\Microsoft.WindowsMobile.DeviceCenter.dll
+ 2010-08-13 17:32 . 2010-08-13 17:32 1343400 c:\windows\System32\Wat\WatAdminSvc.exe
+ 2010-08-14 14:24 . 2010-06-30 06:25 1226240 c:\windows\System32\urlmon.dll
+ 2009-07-14 02:03 . 2010-08-26 18:01 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-07-10 15:19 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-08-14 14:24 . 2010-06-30 06:22 5971456 c:\windows\System32\mshtml.dll
+ 2009-07-14 04:33 . 2010-08-14 14:56 2977072 c:\windows\System32\FNTCACHE.DAT
+ 2010-07-22 16:59 . 2009-07-08 14:39 1334784 c:\windows\System32\DriverStore\FileRepository\netathur.inf_x86_neutral_207524b3086b893b\athur.sys
- 2010-06-22 18:43 . 2009-07-08 08:39 1334784 c:\windows\System32\DriverStore\FileRepository\netathur.inf_x86_neutral_207524b3086b893b\athur.sys
+ 2010-07-22 16:59 . 2009-07-09 10:24 1668352 c:\windows\System32\athuw.sys
+ 2010-07-22 16:59 . 2009-07-08 14:39 1334784 c:\windows\System32\athur.sys
+ 2009-07-14 04:34 . 2010-08-14 17:01 3675830 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2010-06-26 04:21 3675830 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-11-17 18:34 . 2010-08-13 17:32 2429160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-11-17 18:34 . 2010-07-07 22:32 2429160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-14 14:25 . 2010-05-20 22:49 5816656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-06-05 15:41 . 2009-06-05 15:41 5878272 c:\windows\Installer\87148f.msi
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\217885e.msp
+ 2010-08-14 14:56 . 2010-08-14 14:56 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\316d55123fabfb1b92b6364d294ccf65\UIAutomationClientsideProviders.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 7949312 c:\windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\db5e1eda18f1fe201916f197f88cf819\System.WorkflowServices.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6cbcd0f5f64db318f682ee3be29df125\System.Workflow.Runtime.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\7f793e614c5430e51ed902a5c71c2982\System.Workflow.ComponentModel.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54c2b168fd76ce84666c0a5241a9d0fa\System.Workflow.Activities.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ee24fe21a061801bb923bdc23c96388d\System.Web.Services.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\50766874720f812ab8f37c45940b1640\System.Web.Mobile.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 2400768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0119cf02155b33d89fca6687c3e03705\System.Web.Extensions.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d9d7b2b31f2139f7f8ec4679a21bcdb0\System.Speech.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5f1a3bdc51fdea45f367be500582ab41\System.ServiceModel.Web.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\86d34fbd2a7c582105eb53cbbd55c29e\System.Runtime.Serialization.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\86e1b89eec4df3c10e5ed8bf20b80ebd\System.Printing.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1f989227a5dc6c495b2062f59be3610e\System.Management.Automation.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1fe7db1174c0c3269ce34d949e201ad0\System.IdentityModel.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1586688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\86d99a77ba6496b2300d9e347373fdd9\System.DirectoryServices.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\17acef277a65333d0cd2003266af184d\System.Deployment.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f7e995e1a099c38dacf8f2aac311e14b\System.Data.SqlXml.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\77726e357d83ad9a52bfa585f13b05cb\System.Data.Services.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\bb7f3d86b4b443ee73293fa666a5f7ab\System.Data.OracleClient.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\6e6ded3ee35572638262578c00afd4dc\System.Data.Linq.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6e9445f6c035f07b31a86296f4e2be3f\System.Data.Entity.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\8b59d5d58aeeaa4c89e252b559c91a6d\SrpUxSnapIn.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\05460c4c17dba17e4c3c81ae4a42bf8a\ReachFramework.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a7cea5d83f3ae698470a1393a30242db\PresentationUI.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a3bcad5eb6d5b5dd1942f2ce44a67b5b\PresentationBuildTasks.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\4295b54ee21bfef1e972e14000ed2039\Narrator.ni.exe
+ 2010-08-14 15:03 . 2010-08-14 15:03 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\87b1ca611b5c770217555e9d78ff726f\MMCEx.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\9a681a81acd5e696d4315ebfa51a359a\MIGUIControls.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\72d87531f055ba39b1fc43d6efbd2a0e\Microsoft.VisualBasic.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\976f7d50a8d1d8bbe74b11679e784185\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ddabdd83f2727a3d37001ca299cf8a87\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 1705472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9b72e5e5525c410c2964199aa4bf4dd0\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-08-14 15:03 . 2010-08-14 15:03 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\60fc2cef7a33dd1b62b6c23bb713b942\Microsoft.PowerShell.Editor.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 2332672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\0972a4acf48e3732ede5a7f13745f517\Microsoft.JScript.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\5196e176b6eade8e55e30404f6842a48\Microsoft.Ink.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\4c9171427e1e274dafad232787ad0689\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a6e90a53a09e50dda9122b432f48e275\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0d33e9ce3f1f04cf48bff4c2dfb9f4eb\Microsoft.Build.Tasks.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ff7ebb17690b1ccc7ee8c6cfa2d107b8\Microsoft.Build.Engine.ni.dll
+ 2010-08-14 14:25 . 2010-05-20 22:49 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-14 14:24 . 2010-07-27 13:59 12869120 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.20765_none_6c9ec3568c5ce28d\shell32.dll
+ 2010-08-14 14:24 . 2010-07-27 14:03 12867584 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.16644_none_6c29c619732ff18a\shell32.dll
+ 2010-08-14 14:24 . 2010-06-30 06:14 10986496 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20745_none_7fe7ec279f71beb2\ieframe.dll
+ 2010-08-14 14:24 . 2010-06-30 06:21 10985472 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16625_none_7f73ef348643e706\ieframe.dll
+ 2009-07-14 08:17 . 2010-08-14 14:23 37596365 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
- 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\WindowsMobile\Drivers\Serial\wmupdate.msi
+ 2007-05-31 07:32 . 2007-05-31 07:32 11697152 c:\windows\WindowsMobile\Drivers\Serial\wmupdate.msi
- 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\WindowsMobile\Drivers\RNDIS\wmupdate.msi
+ 2007-05-31 07:32 . 2007-05-31 07:32 11697152 c:\windows\WindowsMobile\Drivers\RNDIS\wmupdate.msi
- 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\WindowsMobile\Drivers\Bluetooth\wmupdate.msi
+ 2007-05-31 07:32 . 2007-05-31 07:32 11697152 c:\windows\WindowsMobile\Drivers\Bluetooth\wmupdate.msi
+ 2010-08-14 14:24 . 2010-07-27 14:03 12867584 c:\windows\System32\shell32.dll
+ 2006-01-04 18:04 . 2010-08-03 18:09 35962312 c:\windows\System32\MRT.exe
+ 2010-08-14 14:24 . 2010-06-30 06:21 10985472 c:\windows\System32\ieframe.dll
+ 2007-05-31 07:32 . 2007-05-31 07:32 11697152 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wmupdate.msi
- 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_x86_neutral_4885ed43d6f0f3a4\wmupdate.msi
+ 2007-05-31 14:32 . 2007-05-31 14:32 11697152 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wmupdate.msi
- 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\System32\DriverStore\FileRepository\wcerndis.inf_x86_neutral_56159f2c2377f6d2\wmupdate.msi
- 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wmupdate.msi
+ 2007-05-31 07:32 . 2007-05-31 07:32 11697152 c:\windows\System32\DriverStore\FileRepository\wcebth.inf_x86_neutral_9b4670e431d75a3d\wmupdate.msi
+ 2010-07-27 19:10 . 2010-07-27 19:10 15916032 c:\windows\Installer\b6f77.msi
+ 2007-05-31 08:32 . 2007-05-31 08:32 11697152 c:\windows\Installer\2902a.msi
+ 2007-06-04 14:50 . 2007-06-04 14:50 13292544 c:\windows\Installer\29021.msi
+ 2010-08-14 14:57 . 2010-08-14 14:57 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 11804160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\064483cd86ddba6c78dd32732f6fd351\System.Web.ni.dll
+ 2010-08-14 15:02 . 2010-08-14 15:02 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5a355674c42773b646b5238853a2015d\System.ServiceModel.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\cadfe0acc38aa5a20b52ddf22917688c\System.Design.ni.dll
+ 2010-08-14 14:57 . 2010-08-14 14:57 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
+ 2010-08-14 14:56 . 2010-08-14 14:56 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-03 122944]
"TelekomatXP"="c:\program files\DLULMeterFree\UKDUMFree.exe" [2004-01-15 653312]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 1474560]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2009-08-20 7256576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-01 119152]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-04-15 3788800]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Babylon.lnk - c:\programmi\Babylon\Babylon-Pro\Babylon.exe [2009-7-29 3551456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-10-29 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-10-29 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 06:05 189056 ------w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 15:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-08-06 06:27 860160 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-24 18:12 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

R2 gupdate1c98d604e5770e0;Servizio di Google Update (gupdate1c98d604e5770e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-06 905728]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2008-08-27 1238272]
R3 DPNQ;DPNQ;c:\users\User\AppData\Local\Temp\DPNQ.exe [x]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2005-07-26 43968]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-04-15 23680]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WUSB300Nx86.sys [2007-03-13 312320]
R3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
R3 UOGTPET;UOGTPET;c:\users\User\AppData\Local\Temp\UOGTPET.exe [x]
R3 vpcuxd;Servizio stub virtualizzazione USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1343400]
R4 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=c:\program files\MySQL\MySQL Server 5.0\my.ini MySQL5 [x]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-04-15 7936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2007-05-09 68040]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - gnvkt
*Deregistered* - tbmym

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Translate with &Babylon - /Translate.htm
TCP: {28B45408-2D45-42DD-B1FC-31B7DDCCB7B7} = 208.67.222.222,208.67.220.220
TCP: 77C616E6D21607 = 208.67.222.222,208.67.220.220
TCP: {E7FEB51A-11ED-4A45-A92D-69A89F18CA62} = 208.67.220.220,208.67.222.222
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Picasa\npPicasa3.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\gnvkt]

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tbmym]

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ś**%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(1128)
c:\programmi\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\BlueTooth\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FreePOPs\freepopsservice.exe
c:\program files\FreePOPs\freepopsd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-27 14:28:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-27 12:28
ComboFix2.txt 2010-08-14 21:07
ComboFix3.txt 2010-07-10 16:02

Pre-Run: 279.606.964.224 byte disponibili
Post-Run: 279.271.243.776 byte disponibili

- - End Of File - - 82766A9845125BD9EFC1C9FAD7CAFFD2



Personal notice: there are 2 deregistered services:
*Deregistered* - gnvkt
*Deregistered* - tbmym
I think these files could have stored the virus.
How can I be sure they are not downloaded again?

Anyway I am waiting for your response before any further questions of mine.

Thank you in advance.

#6 myrti


Posted 27 August 2010 - 10:36 AM

Hi Zak,

deregistered is not the same as deleted. Deleting is what we are going to do now:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\users\User\AppData\Roaming\bawuho.dat

Driver::
gnvkt
tbmym


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Do you have a Windows CD handy? Some of the files seem to have been damaged and I would like to replace them.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#7 Zak McKracken


Posted 27 August 2010 - 12:27 PM

Ok, done.

Important notice: ComboFix, after completing its stages, after having deleted the file c:\users\User\AppData\Roaming\bawuho.dat, informed me it was going to reboot the PC ("Please let Combofix reboot...")
Before automatic rebooting, a Warning Message Dialog appeared on screen:

QUOTE
Current registry file not found:

\device\harddiskVolume1\Boot\BCD

Restore this file? [ Yes ] [ No ]


I clicked NO, then ComboFix rebooted my machine, Windows loaded regularly, ComboFix completed its work and showed the LOG.

I hope I did the right thing...

Here's the LOG:

ComboFix 10-08-26.04 - User 27/08/2010 19:00:42.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3582.2197 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
Opzioni usate :: c:\users\User\Desktop\CFScript.txt

FILE ::
"c:\users\User\AppData\Roaming\bawuho.dat"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\User\AppData\Roaming\bawuho.dat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GNVKT
-------\Legacy_TBMYM
-------\Service_gnvkt
-------\Service_tbmym


((((((((((((((((((((((((( Files Creati Da 2010-07-27 al 2010-08-27 )))))))))))))))))))))))))))))))))))
.

2010-08-27 17:07 . 2010-08-27 17:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-27 17:07 . 2010-08-27 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-14 23:00 . 2010-08-14 23:00 -------- d-----w- c:\program files\Sophos
2010-08-14 22:55 . 2010-08-14 22:55 -------- d-----w- c:\programdata\Downloaded Installations
2010-08-14 21:30 . 2010-08-14 21:36 -------- d-----w- c:\programdata\SecTaskMan
2010-08-14 21:30 . 2010-08-14 21:37 -------- d-----w- c:\program files\Security Task Manager
2010-08-14 21:28 . 2010-08-14 21:37 -------- d-----w- c:\program files\Wireshark
2010-08-14 20:59 . 2010-08-27 17:11 -------- d-----w- c:\users\User\AppData\Local\temp
2010-08-14 14:25 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 14:23 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 14:23 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 14:23 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 14:22 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 14:22 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 14:22 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 14:22 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-14 12:59 . 2010-08-27 17:10 764416 ----a-w- c:\windows\system32\drivers\gnvkt.sys
2010-08-14 12:59 . 2010-08-27 17:10 585504 ----a-w- c:\windows\system32\drivers\tbmym.sys
2010-08-13 17:32 . 2010-08-13 17:32 -------- d-----w- c:\windows\system32\Wat
2010-08-12 17:09 . 2010-08-27 17:11 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-02 21:35 . 2010-08-02 21:35 -------- d-----w- c:\users\User\AppData\Roaming\Samsung
2010-08-02 21:04 . 2009-11-19 18:02 66952 ----a-w- C:\BUPDATER.EXE
2010-08-02 21:04 . 2010-08-14 18:45 -------- d-----w- c:\users\User\AppData\Roaming\DNA
2010-08-02 21:04 . 2010-08-14 16:45 -------- d-----w- c:\program files\DNA
2010-08-02 21:04 . 2010-08-02 21:04 -------- d-----w- c:\users\User\AppData\Local\DNA
2010-07-31 13:24 . 2010-07-31 13:24 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-07-31 13:23 . 2010-07-31 13:23 -------- d-----w- c:\program files\DWD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 17:11 . 2009-10-26 19:02 -------- d-----w- c:\programdata\Babylon
2010-08-27 17:11 . 2009-10-15 16:07 -------- d-----w- c:\programdata\NVIDIA
2010-08-27 11:27 . 2010-07-28 15:51 -------- d-----w- c:\program files\LogMeIn
2010-08-26 22:02 . 2009-10-26 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-25 19:50 . 2009-10-26 18:54 -------- d-----w- c:\program files\StepMania CVS
2010-08-23 19:12 . 2009-07-14 08:21 691004 ----a-w- c:\windows\system32\perfh010.dat
2010-08-23 19:12 . 2009-07-14 08:21 125044 ----a-w- c:\windows\system32\perfc010.dat
2010-08-17 11:15 . 2009-12-12 15:22 -------- d-----w- c:\program files\PeerBlock
2010-08-16 22:18 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-08-14 21:47 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\Wireshark
2010-08-14 21:37 . 2009-10-26 19:02 -------- d-----w- c:\program files\WinPcap
2010-08-14 16:47 . 2009-10-26 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-14 16:13 . 2009-10-26 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 14:39 . 2010-08-14 14:39 20992 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{584B078D-3C85-93E3-D10C-66D3978C5C37}-svchost.exe
2010-08-14 12:59 . 2010-01-24 18:00 -------- d-----w- c:\programdata\Mozilla Firefox
2010-08-13 17:32 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-13 17:32 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-13 17:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-12 17:16 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2010-08-10 11:20 . 2009-10-26 18:49 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 12:32 . 2010-06-13 21:30 2828 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-08-07 09:08 . 2009-10-26 19:00 -------- d-----w- c:\program files\SyncBack
2010-08-02 21:33 . 2009-10-15 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 21:26 . 2010-08-02 21:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-08-02 21:01 . 2009-10-26 20:45 -------- d-----w- c:\users\User\AppData\Roaming\Download Manager
2010-07-31 13:23 . 2009-10-26 18:53 -------- d-----w- c:\program files\Samsung
2010-07-28 22:40 . 2006-06-02 15:29 10 ----a-w- c:\windows\popcinfo.dat
2010-07-28 15:52 . 2010-07-28 15:52 -------- d-----w- c:\programdata\LogMeIn
2010-07-25 22:19 . 2010-01-24 18:00 23512 ----a-w- c:\programdata\Mozilla Firefox\components\browserdirprovider.dll
2010-07-25 22:19 . 2010-01-24 18:00 138712 ----a-w- c:\programdata\Mozilla Firefox\components\brwsrcmp.dll
2010-07-25 22:19 . 2010-01-24 18:00 17880 ----a-w- c:\programdata\Mozilla Firefox\AccessibleMarshal.dll
2010-07-23 07:51 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
2010-07-23 07:50 . 2009-10-26 18:53 -------- d-----w- c:\program files\Notepad++
2010-07-22 16:58 . 2010-07-22 16:58 -------- d-----w- c:\programdata\Atheros
2010-07-22 16:50 . 2010-04-15 21:36 -------- d-----w- c:\programdata\FNET
2010-06-30 06:25 . 2010-08-14 14:24 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-25 17:07 . 2010-06-25 17:07 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07 . 2010-06-25 17:07 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07 . 2010-06-25 17:07 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-25 17:03 . 2010-06-25 17:03 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-06-19 19:34 . 2010-06-19 19:34 103864 ----a-w- c:\programdata\Mozilla Firefox\plugins\nppdf32.dll
2010-06-19 06:23 . 2010-08-14 14:24 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-14 14:24 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-14 14:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-13 21:30 . 2009-10-15 16:01 320208 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-08 06:02 . 2010-08-14 14:24 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 14:06 . 2007-07-27 23:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 14:06 . 2007-07-27 23:15 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-02 14:06 . 2007-07-27 23:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-01 09:44 . 2010-07-30 14:49 3907584 ----a-w- c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-05-31 19:57 . 2010-05-31 19:57 50354 ----a-w- c:\users\User\AppData\Roaming\Facebook\uninstall.exe
2008-02-23 22:44 . 2005-05-13 15:12 217073 --sh--r- c:\windows\meta4.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sh--r- c:\windows\System32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sh--r- c:\windows\System32\cygz.dll
2006-05-03 10:06 . 2009-08-01 08:57 163328 --sh--r- c:\windows\System32\flvDX.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sh--r- c:\windows\System32\i420vfw.dll
2006-07-30 21:14 . 2004-10-31 18:29 11894 --sh--w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-08-01 08:57 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-08-01 08:57 216064 --sh--r- c:\windows\System32\nbDX.dll
2005-02-28 11:16 . 2005-02-28 11:16 240128 --sh--r- c:\windows\System32\x.264.exe
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-13 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\erdnt\cache\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\System32\dllcache\user32.dll

[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\System32\msgsvc.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2002-12-17 17:47 . 8718CF284545073A31B80FA71B60E228 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2004-08-19 22:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\System32\ntmssvc.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-08-27_12.23.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 15:57 . 2010-08-27 12:25 15132 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-237298051-2971886165-3222819484-1000_UserData.bin
- 2009-10-15 13:54 . 2010-08-27 12:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 13:54 . 2010-08-27 17:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-15 13:54 . 2010-08-27 12:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-15 13:54 . 2010-08-27 17:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-27 12:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-27 17:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-22 15:01 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-22 15:01 . 2010-08-27 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-22 15:01 . 2010-08-27 17:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-22 15:01 . 2010-08-27 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-22 15:01 . 2010-08-27 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-22 15:01 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-15 16:05 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 16:05 . 2010-08-27 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-24 12:09 . 2010-08-27 17:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-24 12:09 . 2010-08-27 12:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-24 12:09 . 2010-08-27 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-24 12:09 . 2010-08-27 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-24 12:09 . 2010-08-27 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-24 12:09 . 2010-08-27 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-15 16:05 . 2010-08-27 12:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-15 16:05 . 2010-08-27 17:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-15 16:05 . 2010-08-27 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-15 16:05 . 2010-08-27 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-26 17:48 . 2010-08-27 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-26 17:48 . 2010-08-27 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-26 17:48 . 2010-08-27 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-26 17:48 . 2010-08-27 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-15 14:18 . 2010-08-27 12:23 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-15 14:18 . 2010-08-27 17:11 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-03 122944]
"TelekomatXP"="c:\program files\DLULMeterFree\UKDUMFree.exe" [2004-01-15 653312]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 1474560]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2009-08-20 7256576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-01 119152]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-04-15 3788800]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Babylon.lnk - c:\programmi\Babylon\Babylon-Pro\Babylon.exe [2009-7-29 3551456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-10-29 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-10-29 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 06:05 189056 ------w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 15:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-08-06 06:27 860160 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-24 18:12 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-06 905728]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2008-08-27 1238272]
R3 DPNQ;DPNQ;c:\users\User\AppData\Local\Temp\DPNQ.exe [x]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2005-07-26 43968]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-04-15 23680]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-04-15 7936]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2007-05-09 68040]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Translate with &Babylon - /Translate.htm
TCP: {28B45408-2D45-42DD-B1FC-31B7DDCCB7B7} = 208.67.222.222,208.67.220.220
TCP: 77C616E6D21607 = 208.67.222.222,208.67.220.220
TCP: {E7FEB51A-11ED-4A45-A92D-69A89F18CA62} = 208.67.220.220,208.67.222.222
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Picasa\npPicasa3.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ś**%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3232)
c:\programmi\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\windows\system32\conhost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-27 19:18:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-27 17:18
ComboFix2.txt 2010-08-27 12:28
ComboFix3.txt 2010-08-14 21:07
ComboFix4.txt 2010-07-10 16:02

Pre-Run: 279.361.056.768 byte disponibili
Post-Run: 279.107.821.568 byte disponibili

- - End Of File - - 187945A4C6523D287DE98BF72B91F9CD


#8 myrti


Posted 29 August 2010 - 06:08 AM

Hi,

yes, that was fine.

There is some more leftover I would like you to remove:
Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/topic340920.html
Driver::
DPNQ
Collect::
c:\users\User\AppData\Local\Temp\DPNQ.exe


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

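The CFScript above targets the DPNQ service, which the log in post #7 lists with an image path under the user's Temp folder. The following Python is an added example, not part of the thread and not ComboFix's own logic; it parses the log's driver/service lines and flags entries for manual review. The path heuristics and the reading of `[x]` as "no file date/size recorded" are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the driver/service listing in the log posted in this thread,
# plus one constructed non-matching line to show that other text is skipped.
SAMPLE_LOG = r"""
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-06 905728]
R3 DPNQ;DPNQ;c:\users\User\AppData\Local\Temp\DPNQ.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
(constructed) this line is not a service entry
"""

# <state> <service name>;<display name>;<image path> [<date> <size>]  or  [x]
LINE_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
META_RE = re.compile(r"(\d{4}-\d{2}-\d{2})\s+(\d+)")

# Assumption: Windows is installed on C: with default directory names.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\users\\")


class ServiceEntry(NamedTuple):
    state: str            # kept verbatim from the log, not interpreted here
    name: str
    display: str
    path: str
    date: Optional[str]   # None when the bracket holds no date/size (e.g. "[x]")
    size: Optional[int]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one driver/service line; return None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = META_RE.fullmatch(m.group("meta").strip())
    date = meta.group(1) if meta else None
    size = int(meta.group(2)) if meta else None
    return ServiceEntry(m.group("state"), m.group("name").strip(),
                        m.group("display").strip(), m.group("path").strip(),
                        date, size)


def parse_log(text: str) -> List[ServiceEntry]:
    """Return every driver/service entry found in a block of log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def review_reasons(entry: ServiceEntry) -> List[str]:
    """Return reasons to look at an entry by hand; an empty list means none."""
    reasons = []
    path = entry.path.lower()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("image in user profile or temp directory")
    elif not path.startswith(STANDARD_ROOTS):
        reasons.append("image outside Windows and Program Files")
    if entry.date is None:
        reasons.append("no file date/size recorded")
    return reasons


def triage(text: str) -> List[Tuple[ServiceEntry, List[str]]]:
    """Parse the log and keep only the entries that have review reasons."""
    findings = []
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.name}: {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flag here is a prompt to inspect the entry, not a verdict: the DvmMDES line is flagged only because its image sits outside the two standard directories.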


#9 Zak McKracken


Posted 29 August 2010 - 07:52 AM

Hi myrti,

I ran combofix by dragging CFScript.txt.

combofix asked me to download a more recent version, I clicked YES.

After doing its job, ComboFix informed me it was going to reboot the machine. As happened last time, a message dialog appeared:

Current registry file not found:

\device\harddiskVolume1\Boot\BCD

Restore this file? [ Yes ] [ No ]

and I answered NO again. (what happens if I answer YES?)

After rebooting, ComboFix has generated the LOG, but with no message box. I am not sure it has uploaded the DPNQ.exe file.

Anyway, following is the latest ComboFix LOG:


ComboFix 10-08-28.02 - User 29/08/2010 14:28:14.5.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3582.2302 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
Opzioni usate :: c:\users\User\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DPNQ


((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-29 )))))))))))))))))))))))))))))))))))
.

2010-08-29 12:35 . 2010-08-29 12:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-29 12:35 . 2010-08-29 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 07:58 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-14 23:00 . 2010-08-14 23:00 -------- d-----w- c:\program files\Sophos
2010-08-14 22:55 . 2010-08-14 22:55 -------- d-----w- c:\programdata\Downloaded Installations
2010-08-14 21:30 . 2010-08-14 21:36 -------- d-----w- c:\programdata\SecTaskMan
2010-08-14 21:30 . 2010-08-14 21:37 -------- d-----w- c:\program files\Security Task Manager
2010-08-14 21:28 . 2010-08-14 21:37 -------- d-----w- c:\program files\Wireshark
2010-08-14 20:59 . 2010-08-29 12:37 -------- d-----w- c:\users\User\AppData\Local\temp
2010-08-14 14:25 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 14:23 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 14:23 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 14:23 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 14:22 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 14:22 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 14:22 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 14:22 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-14 12:59 . 2010-08-27 17:10 764416 ----a-w- c:\windows\system32\drivers\gnvkt.sys
2010-08-14 12:59 . 2010-08-27 17:10 585504 ----a-w- c:\windows\system32\drivers\tbmym.sys
2010-08-13 17:32 . 2010-08-13 17:32 -------- d-----w- c:\windows\system32\Wat
2010-08-12 17:09 . 2010-08-29 12:36 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-02 21:35 . 2010-08-02 21:35 -------- d-----w- c:\users\User\AppData\Roaming\Samsung
2010-08-02 21:04 . 2009-11-19 18:02 66952 ----a-w- C:\BUPDATER.EXE
2010-08-02 21:04 . 2010-08-14 18:45 -------- d-----w- c:\users\User\AppData\Roaming\DNA
2010-08-02 21:04 . 2010-08-14 16:45 -------- d-----w- c:\program files\DNA
2010-08-02 21:04 . 2010-08-02 21:04 -------- d-----w- c:\users\User\AppData\Local\DNA
2010-07-31 13:24 . 2010-07-31 13:24 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-07-31 13:23 . 2010-07-31 13:23 -------- d-----w- c:\program files\DWD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 12:37 . 2009-10-26 19:02 -------- d-----w- c:\programdata\Babylon
2010-08-29 12:36 . 2009-10-15 16:07 -------- d-----w- c:\programdata\NVIDIA
2010-08-29 12:20 . 2009-12-12 15:22 -------- d-----w- c:\program files\PeerBlock
2010-08-29 12:05 . 2009-10-26 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-29 08:02 . 2009-07-14 08:21 700102 ----a-w- c:\windows\system32\perfh010.dat
2010-08-29 08:02 . 2009-07-14 08:21 128182 ----a-w- c:\windows\system32\perfc010.dat
2010-08-29 08:00 . 2009-10-26 18:51 -------- d-----w- c:\program files\Microsoft.NET
2010-08-28 22:33 . 2010-07-28 15:51 -------- d-----w- c:\program files\LogMeIn
2010-08-25 19:50 . 2009-10-26 18:54 -------- d-----w- c:\program files\StepMania CVS
2010-08-16 22:18 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-08-14 21:47 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\Wireshark
2010-08-14 21:37 . 2009-10-26 19:02 -------- d-----w- c:\program files\WinPcap
2010-08-14 16:47 . 2009-10-26 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-14 16:13 . 2009-10-26 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 14:39 . 2010-08-14 14:39 20992 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{584B078D-3C85-93E3-D10C-66D3978C5C37}-svchost.exe
2010-08-14 12:59 . 2010-01-24 18:00 -------- d-----w- c:\programdata\Mozilla Firefox
2010-08-13 17:32 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-13 17:32 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-13 17:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-12 17:16 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2010-08-10 11:20 . 2009-10-26 18:49 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 12:32 . 2010-06-13 21:30 2828 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-08-07 09:08 . 2009-10-26 19:00 -------- d-----w- c:\program files\SyncBack
2010-08-02 21:33 . 2009-10-15 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 21:26 . 2010-08-02 21:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-08-02 21:01 . 2009-10-26 20:45 -------- d-----w- c:\users\User\AppData\Roaming\Download Manager
2010-07-31 13:23 . 2009-10-26 18:53 -------- d-----w- c:\program files\Samsung
2010-07-28 22:40 . 2006-06-02 15:29 10 ----a-w- c:\windows\popcinfo.dat
2010-07-28 15:52 . 2010-07-28 15:52 -------- d-----w- c:\programdata\LogMeIn
2010-07-25 22:19 . 2010-01-24 18:00 23512 ----a-w- c:\programdata\Mozilla Firefox\components\browserdirprovider.dll
2010-07-25 22:19 . 2010-01-24 18:00 138712 ----a-w- c:\programdata\Mozilla Firefox\components\brwsrcmp.dll
2010-07-25 22:19 . 2010-01-24 18:00 17880 ----a-w- c:\programdata\Mozilla Firefox\AccessibleMarshal.dll
2010-07-23 07:51 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
2010-07-23 07:50 . 2009-10-26 18:53 -------- d-----w- c:\program files\Notepad++
2010-07-22 16:58 . 2010-07-22 16:58 -------- d-----w- c:\programdata\Atheros
2010-07-22 16:50 . 2010-04-15 21:36 -------- d-----w- c:\programdata\FNET
2010-06-30 06:25 . 2010-08-14 14:24 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-25 17:07 . 2010-06-25 17:07 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07 . 2010-06-25 17:07 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07 . 2010-06-25 17:07 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-25 17:03 . 2010-06-25 17:03 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-06-19 19:34 . 2010-06-19 19:34 103864 ----a-w- c:\programdata\Mozilla Firefox\plugins\nppdf32.dll
2010-06-19 06:23 . 2010-08-14 14:24 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-14 14:24 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-14 14:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-13 21:30 . 2009-10-15 16:01 320208 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-08 06:02 . 2010-08-14 14:24 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 14:06 . 2007-07-27 23:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 14:06 . 2007-07-27 23:15 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-02 14:06 . 2007-07-27 23:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-01 09:44 . 2010-07-30 14:49 3907584 ----a-w- c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-05-31 19:57 . 2010-05-31 19:57 50354 ----a-w- c:\users\User\AppData\Roaming\Facebook\uninstall.exe
2008-02-23 22:44 . 2005-05-13 15:12 217073 --sh--r- c:\windows\meta4.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sh--r- c:\windows\System32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sh--r- c:\windows\System32\cygz.dll
2006-05-03 10:06 . 2009-08-01 08:57 163328 --sh--r- c:\windows\System32\flvDX.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sh--r- c:\windows\System32\i420vfw.dll
2006-07-30 21:14 . 2004-10-31 18:29 11894 --sh--w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-08-01 08:57 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-08-01 08:57 216064 --sh--r- c:\windows\System32\nbDX.dll
2005-02-28 11:16 . 2005-02-28 11:16 240128 --sh--r- c:\windows\System32\x.264.exe
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-13 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\erdnt\cache\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\System32\dllcache\user32.dll

[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\System32\msgsvc.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2002-12-17 17:47 . 8718CF284545073A31B80FA71B60E228 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2004-08-19 22:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\System32\ntmssvc.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-08-27_12.23.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-29 08:02 . 2010-08-29 08:02 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Web.Services.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 12176 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Web.ApplicationServices.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 22904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Transactions.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Transactions.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 57200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Speech.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 36736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 17288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.ServiceModel.Routing.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 46480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.ServiceModel.Discovery.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.ServiceModel.Channels.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 40336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.ServiceModel.Activities.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Security.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 17840 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 26496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Runtime.Remoting.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 49040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Runtime.DurableInstancing.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 22896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Printing.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Printing.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 12144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Numerics.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 24424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Net.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 73072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Messaging.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 19320 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Management.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 17304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Management.Instrumentation.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 17264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.IO.Log.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 48528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.IdentityModel.Selectors.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 49528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.IdentityModel.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 29064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.EnterpriseServices.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.EnterpriseServices.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 12144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\system.dynamic.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Dynamic.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 20848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Drawing.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 36224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.DirectoryServices.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 22936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 30632 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 10608 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Device.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 34680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\system.data.sqlxml.resources\v4.0_4.0.0.0_it_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 45448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Data.Services.Client.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 50032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Data.Linq.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 11152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Data.DataSetExtensions.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 83816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Core.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 43896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 24456 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 17824 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.ComponentModel.DataAnnotations.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 30104 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.ComponentModel.Composition.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 24424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.AddIn.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 16280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Activities.DurableInstancing.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 16736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 10608 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics.resources\v4.0_4.0.0.0_it_b77a5c561934e089\SMDiagnostics.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 16736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Regasm.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Regasm.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 34160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ReachFramework.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 54144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 15256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 15272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 24464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 11160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.Dtc.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 39800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Jscript.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 30064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Microsoft.CSharp.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 13144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\jsc.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\JSC.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 10088 c:\windows\Microsoft.NET\assembly\GAC_MSIL\InstallUtil.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\InstallUtil.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 11632 c:\windows\Microsoft.NET\assembly\GAC_MSIL\CustomMarshalers.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\CustomMarshalers.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 29024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\caspol.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\caspol.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 11112 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AddInUtil.resources\v4.0_4.0.0.0_it_b77a5c561934e089\AddInUtil.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-07-13 23:26 . 2009-07-14 01:03 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.20749_none_0cb171a26c998e15\AcRes.dll
+ 2009-07-13 23:26 . 2009-07-14 01:03 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.16629_none_0c3d74af536bb669\AcRes.dll
- 2010-08-26 17:48 . 2010-08-27 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-29 12:00 . 2010-08-29 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-29 12:00 . 2010-08-29 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-26 17:48 . 2010-08-27 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 9608 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\it\System.Windows.Presentation.resources.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 9608 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Windows.Presentation.resources.dll
+ 2010-08-29 07:58 . 2010-04-07 07:33 571904 c:\windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.20685_none_bd60214875eb62b1\oleaut32.dll
+ 2010-08-29 07:58 . 2010-04-07 07:10 571904 c:\windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16567_none_bcee24e95cbbbdb3\oleaut32.dll
+ 2009-07-13 23:26 . 2009-07-14 01:14 211968 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20749_none_0cb572ca6c95f371\AcXtrnal.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14 559616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20749_none_0cb572ca6c95f371\AcLayers.dll
+ 2009-07-13 23:26 . 2009-07-14 01:14 211968 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16629_none_0c4175d753681bc5\AcXtrnal.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14 559616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16629_none_0c4175d753681bc5\AcLayers.dll
+ 2010-07-31 14:42 . 2010-08-28 21:58 239378 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:05 . 2010-08-29 08:02 616348 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-29 08:02 106728 c:\windows\System32\perfc009.dat
+ 2010-03-18 11:16 . 2010-03-18 11:16 771424 c:\windows\System32\msvcr100_clr0400.dll
- 2009-10-15 14:18 . 2010-08-27 12:23 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-15 14:18 . 2010-08-29 12:37 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-18 11:16 . 2010-03-18 11:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 364400 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\it\PresentationUI.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 258432 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\it\PresentationFramework.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 107888 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\it\PresentationCore.resources.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-17 22:51 . 2010-03-17 22:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2010-03-18 23:07 . 2010-03-18 23:07 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\SetupEngine.dll
+ 2010-04-22 04:28 . 2010-04-22 04:28 437760 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\netfx_corelp_x86.msi
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 158056 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.xml.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 432504 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Windows.Forms.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 208800 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Windows.Forms.DataVisualization.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 496504 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.ServiceModel.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 102792 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.RunTime.Serialization.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 225120 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 283000 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Deployment.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 342888 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Data.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 483704 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Data.Entity.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 105336 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Activities.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 551312 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Activities.Presentation.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 239000 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\System.Activities.Core.Presentation.resources.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 436560 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 314208 c:\windows\Microsoft.NET\Framework\v4.0.30319\it\mscorlib.resources.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 294728 c:\windows\Microsoft.NET\Framework\v4.0.30319\1040\vbc7ui.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 294808 c:\windows\Microsoft.NET\Framework\v4.0.30319\1040\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-04-21 18:51 . 2010-04-21 18:51 214856 c:\windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 158056 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.xml.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.xml.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 432504 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Windows.Forms.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 208800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Windows.Forms.DataVisualization.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 496504 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.ServiceModel.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 102792 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.RunTime.Serialization.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 225120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 283000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 342888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Data.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 483704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.resources\v4.0_4.0.0.0_it_b77a5c561934e089\System.Data.Entity.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 105336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Activities.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 551312 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Activities.Presentation.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 239000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\System.Activities.Core.Presentation.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 364400 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\PresentationUI.resources.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 258432 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\PresentationFramework.resources.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 107888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationCore.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\PresentationCore.resources.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 314208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-04-22 04:28 . 2010-04-22 04:28 437760 c:\windows\Installer\9a8a1.msi
+ 2010-08-29 08:01 . 2010-08-29 08:01 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1331ee3a7146218388537aa7e41303af\System.Dynamic.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4a518b841f06ee4f07320159cf918a2c\System.ComponentModel.Composition.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\040571d65dc822e5df020d5e084f4b45\PresentationFramework.Royale.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
+ 2009-07-14 02:03 . 2010-08-29 12:32 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-08-26 18:01 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-03-18 11:16 . 2010-03-18 11:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2010-03-18 11:16 . 2010-03-18 11:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2010-08-29 08:00 . 2010-08-29 08:01 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-29 08:00 . 2010-08-29 08:00 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Installer\7ae8a.msi
+ 2010-08-29 08:01 . 2010-08-29 08:01 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1fdd0961d8d07ef4d1fcaf30f0050c0a\System.Data.SqlXml.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\87a713cee613d08ee04ae9483a9d4716\System.Data.Linq.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\05503f37aef5261d80ccca19f8078679\Microsoft.CSharp.ni.dll
+ 2009-07-14 08:17 . 2010-08-29 07:58 37748165 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
+ 2010-08-29 08:01 . 2010-08-29 08:01 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
+ 2010-08-29 08:02 . 2010-08-29 08:02 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 11057664 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
+ 2010-08-29 08:01 . 2010-08-29 08:01 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-03 122944]
"TelekomatXP"="c:\program files\DLULMeterFree\UKDUMFree.exe" [2004-01-15 653312]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 1474560]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2009-08-20 7256576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-01 119152]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-04-15 3788800]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Babylon.lnk - c:\programmi\Babylon\Babylon-Pro\Babylon.exe [2009-7-29 3551456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-10-29 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-10-29 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 06:05 189056 ------w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 15:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-08-06 06:27 860160 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-24 18:12 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

R2 gupdate1c98d604e5770e0;Servizio di Google Update (gupdate1c98d604e5770e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-06 905728]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2008-08-27 1238272]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2005-07-26 43968]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-04-15 23680]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WUSB300Nx86.sys [2007-03-13 312320]
R3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
R3 UOGTPET;UOGTPET;c:\users\User\AppData\Local\Temp\UOGTPET.exe [x]
R3 vpcuxd;Servizio stub virtualizzazione USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1343400]
R4 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=c:\program files\MySQL\MySQL Server 5.0\my.ini MySQL5 [x]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-04-15 7936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2007-05-09 68040]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Translate with &Babylon - /Translate.htm
TCP: {28B45408-2D45-42DD-B1FC-31B7DDCCB7B7} = 208.67.222.222,208.67.220.220
TCP: 77C616E6D21607 = 208.67.222.222,208.67.220.220
TCP: {E7FEB51A-11ED-4A45-A92D-69A89F18CA62} = 208.67.220.220,208.67.222.222
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Picasa\npPicasa3.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ś**%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(5900)
c:\programmi\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\BlueTooth\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FreePOPs\freepopsservice.exe
c:\program files\FreePOPs\freepopsd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-29 14:43:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-29 12:43
ComboFix2.txt 2010-08-27 17:18
ComboFix3.txt 2010-08-27 12:28
ComboFix4.txt 2010-08-14 21:07
ComboFix5.txt 2010-08-29 12:26

Pre-Run: 278.081.122.304 byte disponibili
Post-Run: 277.985.648.640 byte disponibili

- - End Of File - - 6DCD8E1FA36BEB145BD0B4D68414C251


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 29 August 2010 - 08:11 AM

Hi,

OK, this is not working as intended. We deleted one service, now the other one has resurfaced. Let's give it one more try:

Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/topic340920.html
Driver::
DPNQ
UOGTPET
Collect::
c:\windows\system32\drivers\gnvkt.sys
c:\windows\system32\drivers\tbmym.sys
Suspect::


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

BCD is the boot configuration data. In theory if that is restored your previous setting for booting will be restored, so nothing bad should happen. In practice, as I don't know if the malware has been messing with BCD, I would like not to restore it as of now.
Do you get this message only when ComboFix reboots the PC or also when you reboot the PC by yourself?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#11 Zak McKracken

Zak McKracken
  • Topic Starter

  • Members

Posted 29 August 2010 - 09:54 AM

Hi myrti,

QUOTE
...as I don't know if the malware has been messing with BCD, I would like not to restore it as of now.
Do you get this message only when ComboFix reboots the PC or also when you reboot the PC by yourself?

Only when ComboFix reboots the PC. Normal reboots don't show that message.


Now the upload worked.

Following the latest LOG:

ComboFix 10-08-28.02 - User 29/08/2010 16:35:59.6.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3582.2249 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
Opzioni usate :: c:\users\User\Desktop\CFScript.txt

file zipped: c:\windows\system32\drivers\gnvkt.sys
file zipped: c:\windows\system32\drivers\tbmym.sys
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gnvkt.sys
c:\windows\system32\drivers\tbmym.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UOGTPET


((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-29 )))))))))))))))))))))))))))))))))))
.

2010-08-29 14:41 . 2010-08-29 14:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-29 14:41 . 2010-08-29 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 07:58 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-14 23:00 . 2010-08-14 23:00 -------- d-----w- c:\program files\Sophos
2010-08-14 22:55 . 2010-08-14 22:55 -------- d-----w- c:\programdata\Downloaded Installations
2010-08-14 21:30 . 2010-08-14 21:36 -------- d-----w- c:\programdata\SecTaskMan
2010-08-14 21:30 . 2010-08-14 21:37 -------- d-----w- c:\program files\Security Task Manager
2010-08-14 21:28 . 2010-08-14 21:37 -------- d-----w- c:\program files\Wireshark
2010-08-14 20:59 . 2010-08-29 14:43 -------- d-----w- c:\users\User\AppData\Local\temp
2010-08-14 14:25 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 14:23 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 14:23 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 14:23 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 14:22 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 14:22 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 14:22 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 14:22 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-13 17:32 . 2010-08-13 17:32 -------- d-----w- c:\windows\system32\Wat
2010-08-12 17:09 . 2010-08-29 14:43 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-02 21:35 . 2010-08-02 21:35 -------- d-----w- c:\users\User\AppData\Roaming\Samsung
2010-08-02 21:04 . 2009-11-19 18:02 66952 ----a-w- C:\BUPDATER.EXE
2010-08-02 21:04 . 2010-08-14 18:45 -------- d-----w- c:\users\User\AppData\Roaming\DNA
2010-08-02 21:04 . 2010-08-14 16:45 -------- d-----w- c:\program files\DNA
2010-08-02 21:04 . 2010-08-02 21:04 -------- d-----w- c:\users\User\AppData\Local\DNA
2010-07-31 13:24 . 2010-07-31 13:24 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-07-31 13:23 . 2010-07-31 13:23 -------- d-----w- c:\program files\DWD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 14:43 . 2009-10-26 19:02 -------- d-----w- c:\programdata\Babylon
2010-08-29 14:43 . 2009-10-15 16:07 -------- d-----w- c:\programdata\NVIDIA
2010-08-29 12:20 . 2009-12-12 15:22 -------- d-----w- c:\program files\PeerBlock
2010-08-29 12:05 . 2009-10-26 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-29 08:02 . 2009-07-14 08:21 700102 ----a-w- c:\windows\system32\perfh010.dat
2010-08-29 08:02 . 2009-07-14 08:21 128182 ----a-w- c:\windows\system32\perfc010.dat
2010-08-29 08:00 . 2009-10-26 18:51 -------- d-----w- c:\program files\Microsoft.NET
2010-08-28 22:33 . 2010-07-28 15:51 -------- d-----w- c:\program files\LogMeIn
2010-08-25 19:50 . 2009-10-26 18:54 -------- d-----w- c:\program files\StepMania CVS
2010-08-16 22:18 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-08-14 21:47 . 2009-10-26 20:48 -------- d-----w- c:\users\User\AppData\Roaming\Wireshark
2010-08-14 21:37 . 2009-10-26 19:02 -------- d-----w- c:\program files\WinPcap
2010-08-14 16:47 . 2009-10-26 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-14 16:13 . 2009-10-26 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 14:39 . 2010-08-14 14:39 20992 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{584B078D-3C85-93E3-D10C-66D3978C5C37}-svchost.exe
2010-08-14 12:59 . 2010-01-24 18:00 -------- d-----w- c:\programdata\Mozilla Firefox
2010-08-13 17:32 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-13 17:32 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-13 17:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-12 17:16 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2010-08-10 11:20 . 2009-10-26 18:49 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 12:32 . 2010-06-13 21:30 2828 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-08-07 09:08 . 2009-10-26 19:00 -------- d-----w- c:\program files\SyncBack
2010-08-02 21:33 . 2009-10-15 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 21:26 . 2010-08-02 21:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-08-02 21:01 . 2009-10-26 20:45 -------- d-----w- c:\users\User\AppData\Roaming\Download Manager
2010-07-31 13:23 . 2009-10-26 18:53 -------- d-----w- c:\program files\Samsung
2010-07-28 22:40 . 2006-06-02 15:29 10 ----a-w- c:\windows\popcinfo.dat
2010-07-28 15:52 . 2010-07-28 15:52 -------- d-----w- c:\programdata\LogMeIn
2010-07-25 22:19 . 2010-01-24 18:00 23512 ----a-w- c:\programdata\Mozilla Firefox\components\browserdirprovider.dll
2010-07-25 22:19 . 2010-01-24 18:00 138712 ----a-w- c:\programdata\Mozilla Firefox\components\brwsrcmp.dll
2010-07-25 22:19 . 2010-01-24 18:00 17880 ----a-w- c:\programdata\Mozilla Firefox\AccessibleMarshal.dll
2010-07-23 07:51 . 2009-10-26 20:46 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
2010-07-23 07:50 . 2009-10-26 18:53 -------- d-----w- c:\program files\Notepad++
2010-07-22 16:58 . 2010-07-22 16:58 -------- d-----w- c:\programdata\Atheros
2010-07-22 16:50 . 2010-04-15 21:36 -------- d-----w- c:\programdata\FNET
2010-06-30 06:25 . 2010-08-14 14:24 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-25 17:07 . 2010-06-25 17:07 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07 . 2010-06-25 17:07 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07 . 2010-06-25 17:07 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-25 17:03 . 2010-06-25 17:03 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-06-19 19:34 . 2010-06-19 19:34 103864 ----a-w- c:\programdata\Mozilla Firefox\plugins\nppdf32.dll
2010-06-19 06:23 . 2010-08-14 14:24 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-14 14:24 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-14 14:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-13 21:30 . 2009-10-15 16:01 320208 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-09 16:58 . 2009-10-31 13:08 2568 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-08 06:02 . 2010-08-14 14:24 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 14:06 . 2007-07-27 23:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 14:06 . 2007-07-27 23:15 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-02 14:06 . 2007-07-27 23:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-01 09:44 . 2010-07-30 14:49 3907584 ----a-w- c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-05-31 19:57 . 2010-05-31 19:57 50354 ----a-w- c:\users\User\AppData\Roaming\Facebook\uninstall.exe
2008-02-23 22:44 . 2005-05-13 15:12 217073 --sh--r- c:\windows\meta4.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sh--r- c:\windows\System32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sh--r- c:\windows\System32\cygz.dll
2006-05-03 10:06 . 2009-08-01 08:57 163328 --sh--r- c:\windows\System32\flvDX.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sh--r- c:\windows\System32\i420vfw.dll
2006-07-30 21:14 . 2004-10-31 18:29 11894 --sh--w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-08-01 08:57 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-08-01 08:57 216064 --sh--r- c:\windows\System32\nbDX.dll
2005-02-28 11:16 . 2005-02-28 11:16 240128 --sh--r- c:\windows\System32\x.264.exe
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-13 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\erdnt\cache\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\System32\dllcache\user32.dll

[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\System32\msgsvc.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2002-12-17 17:47 . 8718CF284545073A31B80FA71B60E228 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2004-08-19 22:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\System32\ntmssvc.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-08-29_12.37.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:55 . 2010-08-29 12:02 34824 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-29 14:44 34824 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-10-15 13:54 . 2010-08-29 12:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 13:54 . 2010-08-29 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 13:54 . 2010-08-29 14:43 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-15 13:54 . 2010-08-29 12:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-29 12:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-29 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-22 15:01 . 2010-08-29 12:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-22 15:01 . 2010-08-29 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-22 15:01 . 2010-08-29 12:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-22 15:01 . 2010-08-29 14:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-22 15:01 . 2010-08-29 12:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-22 15:01 . 2010-08-29 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-15 16:05 . 2010-08-29 12:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 16:05 . 2010-08-29 14:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 12:09 . 2010-08-29 12:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-24 12:09 . 2010-08-29 14:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-24 12:09 . 2010-08-29 12:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-24 12:09 . 2010-08-29 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-24 12:09 . 2010-08-29 12:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-24 12:09 . 2010-08-29 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-15 16:05 . 2010-08-29 12:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-15 16:05 . 2010-08-29 14:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-15 16:05 . 2010-08-29 12:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-15 16:05 . 2010-08-29 14:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-29 14:41 . 2010-08-29 14:41 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
- 2010-08-29 12:00 . 2010-08-29 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-29 12:00 . 2010-08-29 14:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-29 13:06 . 2010-08-29 13:06 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
+ 2009-10-15 14:18 . 2010-08-29 14:43 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-10-15 14:18 . 2010-08-29 12:37 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-29 14:41 . 2010-08-29 14:41 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\18419dd13ced512c5f8dc15a79a601eb\System.Windows.Input.Manipulations.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\aea1d325200e1a7b1ee7ec86fba33db4\System.Configuration.Install.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7d8e51e92fede804332703770695afdb\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\767e70aec1ffb52f95c2b07c08fa0781\System.AddIn.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8594d07d18330843968d649ed6ef6166\System.Activities.DurableInstancing.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
+ 2010-08-29 13:06 . 2010-08-29 13:06 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\95d92a700a1fba76f89a30ab46864f10\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5f595338c63c2fdb5a171760c29d5bcf\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\eb9369fc9393d29afe51e45cb49aa4be\System.Printing.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5166bf93ac5239837c9c92b58d183ea6\System.DirectoryServices.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\931ad0783c03deb967760d5c2387274a\System.Activities.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a57e34a36f38a007aa24f1bd07a167ab\System.Activities.Presentation.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\607df7a11c3334146664bc74130bc38f\System.Activities.Core.Presentation.ni.dll
+ 2010-08-29 14:41 . 2010-08-29 14:41 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\42f0e1a4e3081c50503d74ebc0540a60\ReachFramework.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\15578874ee1464dc6a3545d4be842e59\PresentationUI.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1137664 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e95f51d720705725942dda0017055464\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2eef2f34c0295f1fe5d6d4441f9e790b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2010-08-29 13:06 . 2010-08-29 13:06 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9952f66fc592ffc21b024803c8c955fd\Microsoft.Transactions.Bridge.ni.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-03 122944]
"TelekomatXP"="c:\program files\DLULMeterFree\UKDUMFree.exe" [2004-01-15 653312]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 1474560]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2009-08-20 7256576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-01 119152]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-04-15 3788800]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Babylon.lnk - c:\programmi\Babylon\Babylon-Pro\Babylon.exe [2009-7-29 3551456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-10-29 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-10-29 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 06:05 189056 ------w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 15:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-08-06 06:27 860160 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-24 18:12 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

R2 gupdate1c98d604e5770e0;Servizio di Google Update (gupdate1c98d604e5770e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-06 905728]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2008-08-27 1238272]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [2005-07-26 43968]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-04-15 23680]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WUSB300Nx86.sys [2007-03-13 312320]
R3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
R3 vpcuxd;Servizio stub virtualizzazione USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1343400]
R4 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=c:\program files\MySQL\MySQL Server 5.0\my.ini MySQL5 [x]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-04-15 7936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 eugss;EUTRON SmartKey GSS2 Driver;c:\windows\system32\Drivers\eugssxp.sys [2007-05-09 68040]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:21]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-237298051-2971886165-3222819484-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 08:12]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Translate with &Babylon - /Translate.htm
TCP: {28B45408-2D45-42DD-B1FC-31B7DDCCB7B7} = 208.67.222.222,208.67.220.220
TCP: 77C616E6D21607 = 208.67.222.222,208.67.220.220
TCP: {E7FEB51A-11ED-4A45-A92D-69A89F18CA62} = 208.67.220.220,208.67.222.222
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Picasa\npPicasa3.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\default.9um\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-237298051-2971886165-3222819484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ś**%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:36,5c,1b,34,bf,4b,02,97,b6,ae,d5,40,c5,8c,9c,57,9c,db,4e,72,4b,
24,8a,60,a7,e5,5d,8e,70,65,5a,af,25,80,87,04,e3,24,54,13,ae,72,31,e0,6c,aa,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(4656)
c:\programmi\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\BlueTooth\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FreePOPs\freepopsservice.exe
c:\program files\FreePOPs\freepopsd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\windows\system32\conhost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-29 16:48:57 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-29 14:48
ComboFix2.txt 2010-08-29 12:43
ComboFix3.txt 2010-08-27 17:18
ComboFix4.txt 2010-08-27 12:28
ComboFix5.txt 2010-08-29 14:35

Pre-Run: 277.757.800.448 byte disponibili
Post-Run: 277.644.374.016 byte disponibili

- - End Of File - - 38B283DFBDA9FF8F997135E9769F49B7
Caricamento effettuato con successo



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:42 PM

Posted 29 August 2010 - 10:21 AM

Hi,

it looks as if it worked this time. :) Is the PC doing better too?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#13 Zak McKracken


Posted 29 August 2010 - 12:15 PM

Hello myrti,

Yes, the PC is really better now, thanks to your precious support!

By the way, I think there is still something connected with the malware. Please take a look at the following...

I have noticed that every 15 seconds my PC tries to connect to the IP 77.67.10.xxx.
I discovered it by looking at the PeerBlock log ("Attaccante Olandese" means "Dutch attacker"):


Now, since I have added a rule in the Windows Firewall to block every connection from/to 77.67.10.xxx, I am safe.
But I can swear, if I disable the rule, that the two malware files "gnvkt.sys" and "tbmym.sys" will be downloaded again.

Anyway, unlike before, if I monitor the open internet connections (I use TCPView to see them) that IP address doesn't show.

From your experience, is there something that I can do, to discover which file / service / process is trying to connect to that IP address?

Thanks again for your support. I am going to make a donation for your help given so far.

Regards

#14 myrti


Posted 29 August 2010 - 02:54 PM

Hi,

Thanks for the donation. :)

I'm not so sure about the Dutch attacker though. The IP resolves to Akamai. You can find out more about Akamai here: http://www.akamai.com/html/about/index.html
You also have the Akamai NetSession Interface installed. More about that here: http://www.akamai.com/html/misc/akamai_cli...erface_faq.html

Are you sure that that is where you received the files from?

regards myrti



#15 Zak McKracken


Posted 29 August 2010 - 03:33 PM

Uhm, maybe I was confused.

"Dutch Attacker" is a name I have given to block that IP, in PeerBlock, because I thought it was related to the malware.

In effect, I didn't install Akamai (not intentionally, although). I checked now, I have had Akamai installed since August 12.

Now I have uninstalled it... and there are no more connections to that IP address.

Thank you again!

Regards
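
Post #13 asks how to find which file, service or process is contacting a given address. As an added example (not part of the original thread), this Python sketch joins `netstat -ano` output to `tasklist /svc` output by PID and reports the owning image and its hosted services for any remote address in a chosen range. The sample outputs, the PIDs and the 203.0.113.0/24 and 198.51.100.0/24 addresses are constructed; the `Akamai` service hosted in `svchost.exe` mirrors the service entry in the ComboFix log above.

```python
import ipaddress

# Constructed `netstat -ano` output; remote addresses use documentation ranges.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49188     198.51.100.7:80        ESTABLISHED     3320
  TCP    192.168.1.10:49201     203.0.113.25:443       SYN_SENT        1084
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed `tasklist /svc` output; PIDs are made up.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    912 Dhcp, EventLog,
                                   lmhosts
svchost.exe                   1084 Akamai
firefox.exe                   3320 N/A
"""

def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}; the '====' ruler gives the column start."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("==="))
    svc_col = lines[ruler].rindex(" ") + 1      # where the Services column begins
    procs, last = {}, None
    for line in lines[ruler + 1:]:
        head, tail = line[:svc_col], line[svc_col:]
        svcs = [s.strip() for s in tail.split(",") if s.strip() not in ("", "N/A")]
        if head.strip():                        # a new process row
            image, pid = head.rsplit(None, 1)   # image names may contain spaces
            last = int(pid)
            procs[last] = (image, svcs)
        elif last is not None:                  # wrapped service list continues
            procs[last][1].extend(svcs)
    return procs

def remote_ip(endpoint):
    """Parse 'a.b.c.d:port' or '[v6]:port'; return None for '*:*'."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def who_talks_to(netstat_text, tasklist_text, cidr):
    """List connections whose remote address falls inside cidr, with their owner."""
    net = ipaddress.ip_network(cidr)
    procs = parse_tasklist_svc(tasklist_text)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue                            # header or unrelated line
        ip = remote_ip(f[2])
        if ip is None or ip.version != net.version or ip not in net:
            continue
        pid = int(f[-1])
        image, services = procs.get(pid, ("<process exited>", []))
        hits.append({"remote": f[2], "state": f[3] if len(f) == 5 else "",
                     "pid": pid, "image": image, "services": services})
    return hits
```

On the affected PC the inputs would be the text of `netstat -ano` and `tasklist /svc` captured together, with `77.67.10.0/24` as the range. A connection that is retried every 15 seconds can be absent from a single snapshot, so capture repeatedly.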



